Finding profiles on domain workstations

‘ NAME: ScanComputersForProfile
‘ AUTHOR: Yuri de Jager , Provincie Groningen
‘ DATE  : 2009-05-20
‘ COMMENT: Scans all client computers from OU for a user profile. This
‘          was needed after it was suspected a user logged in with some one
‘          else account to read mail he wasn’t suppose to read.
‘ VERSION: 1.0 – Yuri de Jager – Initial Release
‘==========================================================================
Option Explicit
Dim objFSO
Dim objOU
Dim objFile
Dim objComputer
Dim objIP
Dim strComputer
Dim strLogFile
Dim intCounter
Dim intProfileFound
‘Profile name to search For
‘Const strProfile = “<ProfileName>”
Const strProfile = “IVT986”
‘Logfile path
strLogFile = “ScanComputersForProfile_” & strProfile & “.log”
Set objFSO = CreateObject(“Scripting.FileSystemObject”)
Set objFile = objFSO.CreateTextFile(strLogFile, True)
Set objIP = CreateObject(“SScripting.IPNetwork”)
Function PingSSR( myHostName )
‘ This function returns True if the specified host could be pinged.
‘ myHostName can be a computer name or IP address.
‘ This function requires the System Scripting Runtime by Franz Krainer
‘ Standard housekeeping
Dim objIP
Set objIP = CreateObject( “SScripting.IPNetwork” )
If objIP.Ping( myHostName ) = 0 Then
PingSSR = True
Else
PingSSR = False
End If
Set objIP = Nothing
End Function
‘ Bind to the OU holding the computeraccounts, using the full Distinguished Name.
‘Set objOU = GetObject(“LDAP://ou=<ComputersOU>,dc=<Domain>,dc=<TopLevelDomain>”)
Set objOU = GetObject(“LDAP://ou=WS,dc=provinciegroningen,dc=nl”)
‘ Filter on objects of class computer.
objOU.Filter = Array(“computer”)
‘ Enumerate all computer objects in OU.
For Each objComputer In objOU
‘ The object reference objComputer is bound to each domain computer object with the LDAP provider.
strComputer = objComputer.sAMAccountName
‘ Remove trailing “$”.
strComputer = Left(strComputer, Len(strComputer) – 1)
‘For Testing
‘objFile.WriteLine “Replacing ” & strComputer & ” for <TestComputerName>”
‘strComputer = “<TestComputerName>”
‘Check if computer is turned on
If PingSSR(strComputer) = True Then
On Error Resume Next
‘If online
If objFSO.FolderExists (“\\” & strComputer & “\C$\Documents and Settings\” & strProfile)then
objFile.WriteLine “Scanned PC ” & strComputer & “. Profile ” & strProfile & ” FOUND on PC!”
intProfileFound = CInt(intProfileFound) + 1
Else
objFile.WriteLine “Scanned PC ” & strComputer & “. Profile ” & strProfile & ” NOT found on PC.”
End If
‘If offline
Else
objFile.WriteLine “Scanned PC ” & strComputer & “. Computer was not responding to ping.”
End If
intCounter = CInt(intCounter) + 1
Next
‘Write final line and close logfile
objFile.WriteLine “All done. Scanned ” & intCounter & ” PC’s. Profile found on ” & intProfileFound & ” PC’s.”
objFile.Close
‘Free memory
Set objFSO = Nothing
Set objOU = Nothing
Set objFile = Nothing
Set objComputer = Nothing
Set objIP = Nothing
Set strComputer = Nothing
Set strLogFile = Nothing
Set intCounter = Nothing
Set intProfileFound = Nothing
‘Notify user
msgbox “done”
Quit
Recently I was asked if I could see if a user account was used by an unauthorized user (that somehow got the password for the account). I answered there is no way of knowing, because it is not technically possible to know what person is operating a machine if they use some other user’s  user name.
I could see however, on what machine this user was logged onto. Although this holds no legal ground what so ever, it could confirm some suspicion.
So I wrote composed this VB script to check all domain workstations for a profile.
It requires you to run it with an account that has admin privileges on the domain workstations for obvious reasons. It also requires you to install a little piece of software, namely System Scripting Runtime, to enable ping functionality without the usual weird scripting. You can download it here and find more info on it here.
The script is easily adjustable to check for more info, but my guess is you’ll figure it out =)
Replace the values within brackets <> with your domain information.
‘ NAME: ScanComputersForProfile
‘ AUTHOR: Yuri de Jager
‘ DATE  : 2009-05-26
‘ COMMENT: Scans all domain workstations from an OU for a user profile.
‘ VERSION: 1.0 – Yuri de Jager – Initial Release
‘==========================================================================
Option Explicit
Dim objFSO
Dim objOU
Dim objFile
Dim objComputer
Dim objIP
Dim strComputer
Dim strLogFile
Dim intCounter
Dim intProfileFound
‘Profile name to search For
Const strProfile = “<ProfileName>”
‘Logfile path
strLogFile = “ScanComputersForProfile_” & strProfile & “.log”
Set objFSO = CreateObject(“Scripting.FileSystemObject”)
Set objFile = objFSO.CreateTextFile(strLogFile, True)
Set objIP = CreateObject(“SScripting.IPNetwork”)
Function PingSSR( myHostName )
‘ This function returns True if the specified host could be pinged.
‘ myHostName can be a computer name or IP address.
‘ This function requires the System Scripting Runtime by Franz Krainer
‘ Standard housekeeping
Dim objIP
Set objIP = CreateObject( “SScripting.IPNetwork” )
If objIP.Ping( myHostName ) = 0 Then
PingSSR = True
Else
PingSSR = False
End If
Set objIP = Nothing
End Function
‘ Bind to the OU holding the computeraccounts, using the full Distinguished Name.
Set objOU = GetObject(“LDAP://ou=<ComputersOU>,dc=<Domain>,dc=<TopLevelDomain>”)
‘ Filter on objects of class computer.
objOU.Filter = Array(“computer”)
‘ Enumerate all computer objects in OU.
For Each objComputer In objOU
‘ The object reference objComputer is bound to each domain computer object with the LDAP provider.
strComputer = objComputer.sAMAccountName
‘ Remove trailing “$”.
strComputer = Left(strComputer, Len(strComputer) – 1)
‘For Testing
‘objFile.WriteLine “Replacing ” & strComputer & ” for <TestComputerName>”
‘strComputer = “<TestComputerName>”
‘Check if computer is turned on
If PingSSR(strComputer) = True Then
On Error Resume Next
‘If online
If objFSO.FolderExists (“\\” & strComputer & “\C$\Documents and Settings\” & strProfile)then
objFile.WriteLine “Scanned PC ” & strComputer & “. Profile ” & strProfile & ” FOUND on PC!”
intProfileFound = CInt(intProfileFound) + 1
Else
objFile.WriteLine “Scanned PC ” & strComputer & “. Profile ” & strProfile & ” NOT found on PC.”
End If
‘If offline
Else
objFile.WriteLine “Scanned PC ” & strComputer & “. Computer was not responding to ping.”
End If
intCounter = CInt(intCounter) + 1
Next
‘Write final line and close logfile
objFile.WriteLine “All done. Scanned ” & intCounter & ” PC’s. Profile found on ” & intProfileFound & ” PC’s.”
objFile.Close
‘Free memory
Set objFSO = Nothing
Set objOU = Nothing
Set objFile = Nothing
Set objComputer = Nothing
Set objIP = Nothing
Set strComputer = Nothing
Set strLogFile = Nothing
Set intCounter = Nothing
Set intProfileFound = Nothing
‘Notify user
msgbox “done”
Quit
Advertisements

About Yuri de Jager
Technology Addict

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: