Basic IT Security #10 | A Brief Talk on IT Security #10

Posted in #cn, 7 years ago (edited)

Hi everyone! Thanks for your support of the IT security series; here comes the 10th post. I have to say I never thought I would make it to 10, so a big thank you to every one of you. Remember that last time we discussed another approach to user management, using the command prompt?

Hello everyone! Thank you very much for supporting this IT security series; it has now reached its tenth post. I have to say that at the start I never expected to keep it going to a tenth post, so I am truly grateful for your support. I wonder whether you remember that last time we discussed another workflow, typing various commands into the command prompt window, to help us with user management.

This time, I would like to share a more advanced method for performing the user management task: running a script file. As we all know, there are always domain users that we do not remove or disable in time, and sometimes accounts are even left active after their owners have left the company. An up-to-date user list is therefore very important.

This time I want to share a more in-depth method to help you manage your domain users. Instead of commands in the command prompt window, we will use a script. We all know that we often cannot remove or suspend a user's account right away. Sometimes, even after a user has left the company, we forget to deal with their account properly. So an accurate user list becomes very important.

Of course, if you are the system administrator you can always generate an up-to-date user list from Active Directory, or even manage the accounts in real time. But what if you are not the administrator, yet still want to make sure that no invalid users have been left in the domain? Running a script can help.

Of course, if you are a system administrator, you can produce a user list at any time, or even manage your users in real time. But what can you do if you are not? A script file can help you.

I thought about uploading the script file here for you to download. On reflection, though, for security reasons I would rather leave the code below and let you copy it out and save it yourself.

I originally planned to upload the script file I normally use, but after thinking it over, for security reasons I decided to post the code instead and let everyone copy and save it themselves.


Dim objWb
Dim objExcel
Dim x, zz
Set objRoot = GetObject("LDAP://RootDSE")
strDNC = objRoot.Get("DefaultNamingContext")
Set objDomain = GetObject("LDAP://" & strDNC) ' Bind to the top of the domain using LDAP, located via RootDSE
Call ExcelSetup("Sheet1") ' Sub to create the Excel document
x = 1 ' Row 1 holds the column headings; users start on row 2
Call enumMembers(objDomain)
MsgBox "Done" ' Show that the script is complete

Sub enumMembers(objContainer)
    On Error Resume Next
    Dim Secondary(20) ' Array holding the secondary email aliases of the current user
    For Each objMember In objContainer ' Go through the collection
        If objMember.Class = "user" Then ' If it is not a user object, move on
            x = x + 1 ' Counter used to increment the rows in Excel
            objWb.Cells(x, 1).Value = objMember.Class
            ' AD properties are copied into variables so that Null checks or If/Then logic
            ' can be added here easily; this was done to make the script easier to modify.
            SamAccountName = objMember.samAccountName
            Cn = objMember.CN
            FirstName = objMember.GivenName
            LastName = objMember.sn
            Initials = objMember.initials
            Descrip = objMember.description
            Office = objMember.physicalDeliveryOfficeName
            Telephone = objMember.telephoneNumber
            EmailAddr = objMember.mail
            WebPage = objMember.wwwHomePage
            Addr1 = objMember.streetAddress
            City = objMember.l
            State = objMember.st
            ZipCode = objMember.postalCode
            Title = objMember.Title
            Department = objMember.Department
            Company = objMember.Company
            Manager = objMember.Manager
            Profile = objMember.profilePath
            LoginScript = objMember.scriptPath
            HomeDirectory = objMember.HomeDirectory
            HomeDrive = objMember.homeDrive
            AdsPath = objMember.AdsPath
            LastLogin = objMember.LastLogin
            AccountExpirationDate = objMember.AccountExpirationDate
            AccountDisabled = objMember.AccountDisabled

            ' proxyAddresses is multi-valued. GetEx always returns an array (a plain
            ' property read returns a single string when there is only one value, which
            ' breaks For Each); if the attribute is not set the call fails and, because of
            ' On Error Resume Next, proxyList simply stays Empty.
            proxyList = Empty
            proxyList = objMember.GetEx("proxyAddresses")
            zz = 1 ' Counter for the array of secondary email addresses
            If IsArray(proxyList) Then
                For Each email In proxyList
                    If Left(email, 5) = "SMTP:" Then
                        Primary = Mid(email, 6) ' If SMTP is all caps, it is the primary address
                    ElseIf Left(email, 5) = "smtp:" And zz <= 20 Then
                        Secondary(zz) = Mid(email, 6) ' Load the secondary SMTP addresses into the array (at most 20)
                        zz = zz + 1
                    End If
                Next
            End If
            ' Write the values to Excel, using the x counter to move down the rows.
            objWb.Cells(x, 2).Value = SamAccountName
            objWb.Cells(x, 3).Value = Cn
            objWb.Cells(x, 4).Value = FirstName
            objWb.Cells(x, 5).Value = LastName
            objWb.Cells(x, 6).Value = Initials
            objWb.Cells(x, 7).Value = Descrip
            objWb.Cells(x, 8).Value = Office
            objWb.Cells(x, 9).Value = Telephone
            objWb.Cells(x, 10).Value = EmailAddr
            objWb.Cells(x, 11).Value = WebPage
            objWb.Cells(x, 12).Value = Addr1
            objWb.Cells(x, 13).Value = City
            objWb.Cells(x, 14).Value = State
            objWb.Cells(x, 15).Value = ZipCode
            objWb.Cells(x, 16).Value = Title
            objWb.Cells(x, 17).Value = Department
            objWb.Cells(x, 18).Value = Company
            objWb.Cells(x, 19).Value = Manager
            objWb.Cells(x, 20).Value = Profile
            objWb.Cells(x, 21).Value = LoginScript
            objWb.Cells(x, 22).Value = HomeDirectory
            objWb.Cells(x, 23).Value = HomeDrive
            objWb.Cells(x, 24).Value = AdsPath
            objWb.Cells(x, 25).Value = LastLogin
            objWb.Cells(x, 26).Value = AccountExpirationDate
            objWb.Cells(x, 27).Value = AccountDisabled
            objWb.Cells(x, 28).Value = Primary ' Column 28 is headed "Primary SMTP"
            ' Write out the array of secondary email addresses in the columns after it.
            For ll = 1 To 20
                objWb.Cells(x, 28 + ll).Value = Secondary(ll)
            Next
            ' Blank out the variables in case the next object has no value for a property
            ' (a failed property read leaves the previous user's value behind otherwise).
            SamAccountName = "-"
            Cn = "-"
            FirstName = "-"
            LastName = "-"
            Initials = "-"
            Descrip = "-"
            Office = "-"
            Telephone = "-"
            EmailAddr = "-"
            WebPage = "-"
            Addr1 = "-"
            City = "-"
            State = "-"
            ZipCode = "-"
            Title = "-"
            Department = "-"
            Company = "-"
            Manager = "-"
            Profile = "-"
            LoginScript = "-"
            HomeDirectory = "-"
            HomeDrive = "-"
            LastLogin = "-"
            Primary = "-"
            AccountExpirationDate = "-"
            AccountDisabled = "-"
            For ll = 1 To 20
                Secondary(ll) = ""
            Next
        End If
        ' If the AD enumeration runs into an OU or container object, call the Sub again to walk into it
        If objMember.Class = "organizationalUnit" Or objMember.Class = "container" Then
            enumMembers objMember
        End If
    Next
End Sub

Sub ExcelSetup(shtName) ' This Sub creates an Excel worksheet and adds column headings to the first row
    Set objExcel = CreateObject("Excel.Application")
    Set objWorkbook = objExcel.Workbooks.Add
    Set objWb = objWorkbook.Worksheets(shtName)
    objWb.Name = "Active Directory Users" ' Name the sheet
    objWb.Activate
    objExcel.Visible = True
    objWb.Cells(1, 1).Value = "Class"
    objWb.Cells(1, 2).Value = "SamAccountName"
    objWb.Cells(1, 3).Value = "CN"
    objWb.Cells(1, 4).Value = "FirstName"
    objWb.Cells(1, 5).Value = "LastName"
    objWb.Cells(1, 6).Value = "Initials"
    objWb.Cells(1, 7).Value = "Descrip"
    objWb.Cells(1, 8).Value = "Office"
    objWb.Cells(1, 9).Value = "Telephone"
    objWb.Cells(1, 10).Value = "Email"
    objWb.Cells(1, 11).Value = "WebPage"
    objWb.Cells(1, 12).Value = "Addr1"
    objWb.Cells(1, 13).Value = "City"
    objWb.Cells(1, 14).Value = "State"
    objWb.Cells(1, 15).Value = "ZipCode"
    objWb.Cells(1, 16).Value = "Title"
    objWb.Cells(1, 17).Value = "Department"
    objWb.Cells(1, 18).Value = "Company"
    objWb.Cells(1, 19).Value = "Manager"
    objWb.Cells(1, 20).Value = "Profile"
    objWb.Cells(1, 21).Value = "LoginScript"
    objWb.Cells(1, 22).Value = "HomeDirectory"
    objWb.Cells(1, 23).Value = "HomeDrive"
    objWb.Cells(1, 24).Value = "Adspath"
    objWb.Cells(1, 25).Value = "LastLogin"
    objWb.Cells(1, 26).Value = "AccountExpirationDate"
    objWb.Cells(1, 27).Value = "AccountDisabled"
    objWb.Cells(1, 28).Value = "Primary SMTP"
    For ll = 1 To 20
        objWb.Cells(1, 28 + ll).Value = "Secondary SMTP " & ll
    Next
End Sub


You can copy the code above, paste it into Notepad, and save it as a .vbs file; a sample screen is shown below:

You can copy the code above, paste it into Notepad, and then save it as a .vbs file. See the picture below for reference:

[Screenshot: 01.png]

You can now check that the file is in .vbs format.

You will then see a new .vbs file.

[Screenshot: 02.png]

Now double-click the file and it will run automatically; a new Excel workbook will appear, and you can watch it fill in all the user information from your domain.

Now double-click this file and it will run automatically. A blank Excel file will appear, and you will see it filling in the user information from your domain.

[Screenshot: 03.png]

After all the information has been extracted, a window pops up:

When it finishes, a window appears to indicate completion.

[Screenshot: 04.png]

You then have a full list of your domain users with the account creation date, account status, detailed account information, and so on. I am sure you can use this list for a lot of user analysis and for user management around all kinds of security issues. So remember to give it a try!

Now you can take this freshly produced user list and look up the various user details, including the account creation date, account status, detailed account information, and so on. I believe the information in this list is enough for you to perform all sorts of user management actions, so remember to give it a try.
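Once the worksheet is exported, the kind of review the post has in mind (accounts left enabled after someone has gone, or never used) can be automated instead of eyeballed. The Python below is an added example, not the post's own script: it reads a CSV export of the worksheet the VBScript produces (the column names are the headers the script writes to row 1; it is assumed the date cells were saved as yyyy-mm-dd and that "-", which the script leaves in a cell whose property was missing, means empty) and flags enabled accounts that have passed their expiry date, have never logged in, or have not logged in within a chosen number of days. The rows and the 90-day threshold are constructed assumptions.

```python
"""Review an exported domain user list for accounts that need attention.

Added example, not part of the original post: it reads a CSV export of the
worksheet the post's VBScript produces and flags enabled accounts that are
expired, never used, or inactive. The sample rows are constructed data.
"""
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export. The column names are the headers the post's script
# writes to row 1; dates are assumed to have been saved as yyyy-mm-dd, and "-"
# is what the script leaves in a cell whose AD property was missing.
SAMPLE_EXPORT = """\
SamAccountName,Descrip,LastLogin,AccountExpirationDate,AccountDisabled
alice,Finance analyst,2024-05-28,-,FALSE
bob,Contractor (ended 2023),2023-11-02,2023-12-31,FALSE
carol,Sales,2024-05-30,-,TRUE
dave,Intern,-,-,FALSE
erin,Engineering,2024-01-15,-,FALSE
"""

STALE_DAYS = 90  # assumption: the organisation's inactivity threshold


def parse_date(cell):
    """Return a datetime for a yyyy-mm-dd cell, or None for blank or '-' cells."""
    cell = (cell or "").strip()
    if cell in ("", "-"):
        return None
    return datetime.strptime(cell, "%Y-%m-%d")


def review_accounts(export_text, today_iso, stale_days=STALE_DAYS):
    """Return {SamAccountName: [findings]} for enabled accounts that need review.

    Disabled accounts are skipped: they have already been dealt with.
    """
    today = parse_date(today_iso)
    cutoff = today - timedelta(days=stale_days)
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["AccountDisabled"].strip().lower() == "true":
            continue
        issues = []
        expires = parse_date(row["AccountExpirationDate"])
        if expires is not None and expires < today:
            issues.append("expired on %s but still enabled" % expires.date())
        last_login = parse_date(row["LastLogin"])
        if last_login is None:
            issues.append("never logged in")
        elif last_login < cutoff:
            issues.append("no login since %s (more than %d days)"
                          % (last_login.date(), stale_days))
        if issues:
            findings[row["SamAccountName"].strip()] = issues
    return findings


if __name__ == "__main__":
    # Review the constructed export as of 1 June 2024
    for name, issues in sorted(review_accounts(SAMPLE_EXPORT, "2024-06-01").items()):
        print("%s: %s" % (name, "; ".join(issues)))
```

Two caveats for anyone using the LastLogin column this way. The LastLogin property the script reads is the lastLogon attribute of whichever domain controller the script bound to, and that attribute is not replicated, so a user who authenticates against a different DC can look inactive in the export; the replicated lastLogonTimestamp attribute (accurate to within about 14 days) is the better basis for an inactivity review. And because the script only reports what it can read, a cell holding "-" should be treated as unknown rather than as evidence that an account was never used, which is why such rows are flagged for a human to check rather than acted on automatically.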


Thanks for reading; I hope you enjoyed it!
Please follow me and see my other posts if you like it: @victorier

Thank you for reading; I hope you like it!
If you think it is good, please follow me; you can also read my other posts: @victorier


Congratulations! Your post has been selected for @justyy's list today, 【Good Posts You May Miss】; keep up the good work!

Congratulations! This post has been selected by @justyy as today's 【Good Posts You May Miss】, Steem On!

Beautiful explanation

Thank you. I hope I am not making it confusing..

Can you tell the conclusion? We non-programmers find it hard to understand the code.

Well, I have to say there is not really a conclusion for that. The code in the article is actually a script that you can run on your computer, and it will extract all the domain user information for your domain, which includes the account creation date and account details.

And you can use it to manage your users. For example, you can see if there are any suspicious accounts left over or still active even though the staff member has gone. I am kind of pretending to be in the role of an IT audit without system administration rights, so you can generate a full list yourself.

Hope it can answer you :)