(Remote) VBS/Batch Writing/Execution

AoN

Heads up, below this is all a copy & paste from another forum I haven't gotten any responses from. ^^'

Basically, I have a batch that will pull the current network drive mappings from the registry for a given SID and save it to a specified username's desktop.

This requires access to the machine (as if locally, so NetMeeting, RDC, etc.) and specifying the username and SID. What I'm trying to do is make it a remote batch, something that I can supply just the machine name to and have it automatically pull the current username/SID and fill in the blanks.

So, here's the code I have without remote access or automation:
Code:
@Echo off
set user=
set sid=
cls
set /P user=Enter the username of the desktop to save to: 
set /P sid=Enter the SID of the user: 
reg export HKU\%sid%\Network "D:\Documents and Settings\%user%\Desktop\Network Drives.reg"
pause
exit
This works just fine from the local machine. Now I've tried modifying it to pull the current user's information, but have only found two ways of doing so, %USERNAME% and "wmic computersystem get Username". The second one is great because it can be used remotely, which is what I'm ultimately hoping for.

Here's the issue with automating the username: the first, the variable option, returns the username of my administrator account, and the command returns my administrator account + domain name (locally). Remotely, the username would only grab my account on my local machine while the command pulled the right information, but I can't use the domain name.

So, that's the first problem. Second is converting the username to the SID information. I don't have a clue how I'd do that. Lastly, how can I make it run remotely, since the HKU tree is not accessible remotely in Windows?

Any ideas would be greatly appreciated. Even if it does come down to having to be a locally run script, being able to remove the chance of getting the username/SID wrong would be very helpful. ^^
 
Re: (Remote) Batch Writing/Execution

What about SIDs in HKLM?

Code:
 reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" > "%temp%\0" & start notepad "%temp%\0"

HKU does seem an integral part, unless you can somehow run whoami on the remote system.

--> WHAT IS THIS FOR??
 
Re: (Remote) Batch Writing/Execution

This is for XP??

I just noticed Documents and Settings
 
Re: (Remote) Batch Writing/Execution

lol, Actually, it'll ultimately be for XP and 7, but that's something I already have worked out. The issue is with grabbing the information.

As for its purpose, I'm trying to automate part of the back-up process when rebuilding a user's profile on our work's network, because so many agents ignore the "extra" parts such as network drives and printers. For now, I want to focus on the network drives (baby-steps). ^^'

So, any ideas on how to make this work, even if it does come down to having to put it on the local machine? I think the most difficult thing isn't even the remote access, but that when running it, it has to be run as an administrator due to users not being allowed access to the registry. This makes it see the current user as being the admin when you want it to see the other user. :S



Edit:
An idea just occurred to me. Do you think it would be easier to do this with VBS instead of Batch? We use several VBS that allow us to place scripts on a machine remotely and run them; it just didn't occur to me til now. If so, any guidance on it? I make websites, so this is a little out of my comfort zone. ^^'
 
Re: (Remote) Batch Writing/Execution

Ace is very knowledgeable in VB; you might consider asking him :grin1:

You could also ask him about C#/++ if you are stronger in those languages.

Nice to see you back Chris :wave:
Congrats on the new cert, glad to see you're keeping busy.
 
Re: (Remote) Batch Writing/Execution

I wish it were under different circumstances than needing help with a project like this, but between school and work, I'm staying busy. ^^'

As for the language to use, I'm good with websites and know enough to get by with Excel macros, but that's about it. :(
 
Re: (Remote) Batch Writing/Execution

The main problem as I see it is the HKU registry hive as you indicated.

I've never attempted to grab the hives from another system.

Answers can probably be obtained from HKLM\...\SAM - but good luck with that one in Windows 7 unless you are NT AUTHORITY\SYSTEM.
 
Re: (Remote) Batch Writing/Execution

@jcgriff2: I do have full access to the SYSTEM account, but I'd prefer to make it so that we don't have to alter the credentials used to run the script. That's where it occurred to me to look at using VBS instead, since it is much more dynamic. We could actually make it a two-parter: use VBS to grab the information, create a batch on the target machine with the grabbed information, and run the batch. Biggest issue I'd run into with this path is that I don't know anywhere near enough about VBS to make that work. ^^'

@niemir: We actually do use psexec for a LOT of our tools, but as I'm not that type of programmer, I don't know anything about it. ^^'
 
Re: (Remote) Batch Writing/Execution

I haven't fully gathered what you're trying to do here, but I can do this in PowerShell pretty easily. You are probably aiming for compatibility though, and anything before Windows 7 doesn't come with PowerShell by default. As for batch, it's pretty limited here in my opinion, but there's probably a way to do it.

As for anything though, Admin rights are something unavoidable unless you exploit the Windows system. Security measures are there for a reason, and are not implemented to be broken so easily. But VB.NET/C# whichever, would also make this a pretty possible and easy task.

Here's what I wrote in PowerShell:

It's GUI based utilizing the .NET framework as reference, however this can be simplified as well into command line based output, and perhaps if you look at the way I grab the UserAccount information you may be able to make use of this script.

It's a big script though, so I'll post the relevant part.

Code:
function Get_WinAccounts {
	$rtb_text.Text = ''

	$User_Accounts = get-wmiobject -class "Win32_UserAccount" -namespace "root\CIMV2" `
	-filter "LocalAccount = True" -computername "."

	foreach ($obj in $User_Accounts) {
	
	$AccountType = $obj.AccountType
	$Caption = $obj.Caption
	$Description = $obj.Description
	$Disabled = $obj.Disabled
	$Domain = $obj.Domain
	$FullName = $obj.FullName
	$InstallDate = $obj.InstallDate
	$LocalAccount = $obj.LocalAccount
	$Lockout = $obj.Lockout
	$Name = $obj.Name
	$PasswordChangeable = $obj.PasswordChangeable
	$PasswordExpires = $obj.PasswordExpires
	$PasswordRequired = $obj.PasswordRequired
	$SID = $obj.SID
	$SIDType = $obj.SIDType
	$Status = $obj.Status
	
		Write_ "Account Type: $AccountType"
		Write_ "Caption: $Caption"
		Write_ "Description: $Description"
		Write_ "Disabled: $Disabled"
		Write_ "Domain: $Domain"
		Write_ "FullName: $FullName"
		Write_ "Installation Date: $InstallDate"
		Write_ "Local Account: $LocalAccount"
		Write_ "Lockout: $Lockout"
		Write_ "Name: $Name"
		Write_ "Password Changeable: $PasswordChangeable"
		Write_ "Password Expires: $PasswordExpires"
		Write_ "Password Required: $PasswordRequired"
		Write_ "SID: $SID"
		Write_ "SID Type: $SIDType"
		Write_ "Status: $Status"
		Write_
	}		
}

If you're stuck with batch... Then I may be able to write something up for you as well.
 
Re: (Remote) Batch Writing/Execution

I'm stuck at batch, VBS, and psexec (as mentioned by niemir). I know we can pull the information remotely in batch, which would provide the information, but we still would need to run the batch on the target machine with the information grabbed remotely to pull the information from the HKU registry tree.

So, here's a simple breakdown of what this is meant to help with. On our network, profile corruption is a common thing (700,000+ users makes it hard to avoid). As such, there are four things we are required to support recovery for: Network Drive Mappings, Network Printer Mappings, PST Mappings, and Profile Files (Desktop, Documents, and Favorites). These are universal requirements between XP and 7. Most complex part of these differences is that Windows 7 splits the My Documents into all the individual directories.

The issue we have is that most of our agents don't do the remappings because it hurts their numbers to stay on a call longer just to restore them when the user actually still has access (but doesn't know they do).

For Windows XP, the profile rebuild process is fairly easy: back up the mappings, rename the user's corrupted profile, and restore mappings and files to the newly created local profile (after Cx logs in to regenerate the local profile from the network profile).

In Windows 7, Microsoft made this method a little harder for us to do. Now we have to remove the registry key from HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList, which is also SID-based (just like the network drive mappings), when we rename the corrupted profile. Otherwise, same process.

I know we can't do the PST locations back-up/restore via batch, but the rest can be done from the target machine in batch. I know, I've made it work. The issue comes with grabbing the right information to remove the human error involved in getting the right SID and/or making the process work remotely (HKU registry tree).

Now, I'm no beginner to this entire thing and know that it will have to be broken into, at least, two scripts. The first being for while the customer is logged in and/or out for renaming, and the second for after their profile has been rebuilt. Not a big deal. I actually expect it to be three so there's no issue with pulling the current user information and then running the renaming/registry editing after they log out.

So, that's the basic rundown of what my end-game is, but I'm not looking for a 1-stop fix-all for it. I think that's a bit much to ask for. All I'm looking for is a means to remove the human error in backing up the mappings, preferably without having to remote into the machine. Restoration is a lot easier when you know where everything is.



Edit:
Also, as a note, any scripts I use, though will be noted for credit to the authors, would be claimed by HP. So, if that's a problem for you, please let me know and I'd be more than happy with tutorials on how to do these tasks (expect questions). I'm hoping for some time this weekend to study up on VBS, but I also have a computer to break down, test, and rebuild for my brother. ^^'
 
Re: (Remote) Batch Writing/Execution

The downside to that is that it requires getsid.exe to first be approved for use on the network by our network security analysts, then provided either to all the machines running the script or with the script (with the script, not a big deal, issue is with getting approval to use it). It's one of the reasons no one has made scripts for these tasks we have to do so often. :(

We're actually developing a new program that will allow us to easily organize, update, and make available to all agents, remote fixes that are simple and easy to run. The intent is to get rid of the need to have "better" technicians (they don't get better answering phones 8 hours a day) by making up for it by having the processes automated. Easier to change a process than a company-worth of servicedesk technicians. ^^'

Like I said, I'm hoping for some time to brush up on it this weekend, but any tutorials or snippets are greatly appreciated. :)
 
Re: (Remote) Batch Writing/Execution

Something like this? I still can't really test anything and I am not sure if I have everything clear.

Code:
@ECHO OFF && SETLOCAL EnableDelayedExpansion

CALL :GetIdentifiers

ECHO Exporting data for '%USER%' with SID:%SID%...
REG EXPORT HKU\%SID%\Network "%WINDIR:~0,1%:\Network Drives.reg"

PAUSE && GOTO :EOF

:GetIdentifiers
CALL :GetUser && CALL :GetUserSID
goto :EOF

:GetUser
for /f "tokens=3 skip=1 delims=\ " %%G IN ('"wmic computersystem get Username"') DO (
	set USER=%%G&& goto :EOF
)

:GetUserSID
FOR /F "skip=1" %%G IN ('"wmic path win32_useraccount where name='%USER%' get sid"') DO (
   SET SID=%%G&& GOTO :EOF
)
 
Re: (Remote) Batch Writing/Execution

The output: (*I only have myself as a visible user anyways)
Code:
Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-1057692186-3339034607-3089069445-1001\Network]

In C:\Network Drives.reg... I stuck with WMI as the way you preferred it over %UserName%. But I ended up with the full thing, so I had to parse the real username out of that output.
 
Re: (Remote) Batch Writing/Execution

First look at the code, it looks like it'd work, and when I ran it I got access denied, but that's because I ran it with user permissions. When I run it with administrator rights, it just freezes. :S

I've tried using the FQN, the 8.3 path, even threw in the "start" command, but they all produced the same result. I could still Ctrl+C to cancel out, and was prompted to do so, something I'm not used to seeing, but it wouldn't actually run. :S

My concern for it is that I can't see where it would pull the regular user's information instead of the administrator's, but I'll have to wait until I can figure out how to make it actually run.



Edit:
Alright, so I just made the post and rechecked the prompt, it did complete-ish. It gave me this as the response when run with "start":
Code:
No Instance(s) Available.
Exporting data for '' with SID:...

Error:  The specified path is invalid.
Press any key to continue . . .
 
Re: (Remote) Batch Writing/Execution

Parsing the username with that wmic command is invalid then, which then breaks the SID check too. Can you show me what that wmic command returns for YOU, for the username retrieval?

I get something like: user/USER/someusername
 
Re: (Remote) Batch Writing/Execution

Code:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>wmic computersystem get Username
UserName
DOMAIN\chris.esbrandt


C:\WINDOWS\system32>wmic path win32_useraccount where name='chris.esbrandt' get sid
SID
S-1-5-21-1228493135-1473791447-1069890735-58882


C:\WINDOWS\system32>

That's running it as administrator, so it did pull the correct information for the user (me on my user account) when run from a command prompt (adm account). First thing that I thought of when I ran the command directly was the trunc, but I didn't know you could do half of what you did in a batch, so it's way over my head. ^^'



Edit:
I edited the domain out.



Edit:
I think I got it! Tell me if this works for you:
Code:
@ECHO OFF && SETLOCAL EnableDelayedExpansion

CALL :GetIdentifiers

ECHO Exporting data for '%USER%' with SID:%SID%...
REG EXPORT HKU\%SID%\Network "%WINDIR:~0,1%:\Network Drives.reg"

PAUSE && GOTO :EOF

:GetIdentifiers
CALL :GetUser && CALL :GetUserSID
goto :EOF

:GetUser
for /f "tokens=2 skip=1 delims=\ " %%G IN ('"wmic computersystem get Username"') DO (
	set USER=%%G&& goto :EOF
)

:GetUserSID
FOR /F "skip=1" %%G IN ('"wmic path win32_useraccount where name='%USER%' get sid"') DO (
   SET SID=%%G&& GOTO :EOF
)

All I changed was the tokens for the first "for" from 3 to 2 and it ran, at least on my school's computer. I'll be able to test it at work in the morning. ^^'
 
Re: (Remote) Batch Writing/Execution

If the tokens you've set can parse the standard for your system's computers, then all should be good :) Nice work.
 
Re: (Remote) Batch Writing/Execution

Great work you two,

Amazing what a couple of sharp minds can do :grin1:
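
The lookup this thread converges on (logged-on user, then SID, then HKU\<SID>\Network), run from the technician's machine: an added PowerShell example, not code from any poster in the thread. `Export-UserDriveMappings` and its parameters are hypothetical names; it assumes administrative rights on the target, a domain account, and the Remote Registry service running there.

```powershell
# Added example: the function name and parameters are hypothetical.
function Export-UserDriveMappings {
    param(
        [Parameter(Mandatory = $true)] [string] $ComputerName,
        [Parameter(Mandatory = $true)] [string] $OutFile
    )

    # Console user as DOMAIN\user, the same value that
    # "wmic computersystem get Username" printed in the thread.
    $cs = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $ComputerName
    if (-not $cs.UserName) {
        throw "No interactive console user on $ComputerName."
    }

    # Translate the full name, domain included, so a local account with the
    # same short name cannot be matched by mistake.
    $account = New-Object System.Security.Principal.NTAccount($cs.UserName)
    $sid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value

    # Assumption: Remote Registry is running on the target. The user's hive
    # appears under HKEY_USERS only while that user is logged on.
    $hku = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey([Microsoft.Win32.RegistryHive]::Users, $ComputerName)
    try {
        $network = $hku.OpenSubKey("$sid\Network")
        if ($null -eq $network) {
            throw "No Network key for $($cs.UserName) ($sid) on $ComputerName."
        }
        # One subkey per mapped drive letter; RemotePath holds the UNC path.
        # @() keeps the result an array even when no drives are mapped.
        $rows = @(foreach ($letter in $network.GetSubKeyNames()) {
            $drive = $network.OpenSubKey($letter)
            New-Object PSObject -Property @{
                Computer   = $ComputerName
                User       = $cs.UserName
                SID        = $sid
                Drive      = "${letter}:"
                RemotePath = $drive.GetValue('RemotePath')
            }
            $drive.Close()
        })
        $network.Close()
    }
    finally {
        $hku.Close()
    }

    $rows | Export-Csv -Path $OutFile -NoTypeInformation
    return $rows
}
```

Win32_ComputerSystem reports only the console session, so a user connected over Remote Desktop shows up as no user and the function stops before touching the registry.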
 
