Everything posted by cjconstantine

  1. I have tried searching with no luck, what I am trying to find is at what time does the CTRL-ALT-DEL screen appear for a user to log in. I don't need to interact with it in any way, just what time it popped up ... even if finding that time is after the user has logged in. I'm trying to measure from the point Windows starts up to the point the logon screen appears, stop measuring, then start again from the time the user successfully logs in to the time a predetermined process starts. Right now I'm using the time that the Secondary Logon service starts as the point where the logon screen is up, but I know that's not really accurate. Any ideas?

        #include <Services.au3>
        #include <Date.au3>
        #include <EventLog.au3>

        Global Const $wbemFlagReturnImmediately = 0x10
        Global Const $wbemFlagForwardOnly = 0x20

        ; Boot time = now minus system uptime
        $WINDOWS_START_TIME = _DateAdd('s', -1 * Int(_Date_Time_GetTickCount() / 1000), _NowCalc())
        $SECLOGON_START_TIME = _Get_SecLogon()
        $USER_START_TIME = _GetUserLogon()

        MsgBox(0, 'Date/Time stamps', 'Windows Start = ' & $WINDOWS_START_TIME & _
                @CR & 'Secondary Logon Start = ' & $SECLOGON_START_TIME & _
                @CR & 'User Logon Start = ' & $USER_START_TIME & _
                @CR & 'Process Startup = ' & _NowCalc())

        Func Main() ; Needed for Services.au3
        EndFunc

        ; Creation time of the process hosting the Secondary Logon service
        Func _Get_SecLogon()
            $created = ''
            $query = _Service_QueryStatus('seclogon')
            $oWMIService = ObjGet('winmgmts:\\' & '.' & '\root\CIMV2')
            If IsObj($oWMIService) Then
                $colItems = $oWMIService.ExecQuery('SELECT * FROM Win32_Process Where ProcessId=' & $query[7] & ' ', 'WQL', $wbemFlagReturnImmediately + $wbemFlagForwardOnly)
                If IsObj($colItems) Then
                    For $oItem In $colItems
                        $created = $oItem.CreationDate
                    Next
                EndIf
            EndIf
            ; Convert the WMI timestamp (yyyymmddHHMMSS...) to yyyy/mm/dd HH:MM:SS
            Return StringMid($created, 1, 4) & '/' & StringMid($created, 5, 2) & '/' & StringMid($created, 7, 2) & ' ' & StringMid($created, 9, 2) & ':' & StringMid($created, 11, 2) & ':' & StringMid($created, 13, 2)
        EndFunc

        ; Walk the Security log backwards until entries predate the seclogon start
        Func _GetUserLogon()
            $created = ''
            $hEventLog = _EventLog__Open('', 'Security')
            Do
                $log = _EventLog__Read($hEventLog, True, False)
                $date = StringSplit($log[2], '/')
                $date = $date[3] & '/' & $date[1] & '/' & $date[2]
                $time = StringSplit($log[3], ':')
                ; 12 PM is already hour 12; only add 12 to 1 PM through 11 PM
                If StringRight($time[3], 2) = 'PM' And Number($time[1]) < 12 Then $time[1] += 12
                $time[3] = StringTrimRight($time[3], 3)
                $time = $time[1] & ':' & $time[2] & ':' & $time[3]
                $log[2] = $date
                $log[3] = $time
                ; Event ID 528 = successful logon; type 8 = audit success
                If $log[6] = 528 And $log[9] = 2 And $log[7] = 8 And $log[12] = @LogonDomain & '\' & @UserName Then
                    $created = $log[2] & ' ' & $log[3]
                EndIf
            Until $log[2] & ' ' & $log[3] < $SECLOGON_START_TIME
            _EventLog__Close($hEventLog) ; release the event log handle
            Return $created
        EndFunc
  2. Ok, got a strange problem here ... The service starts, runs to completion, throws the attached file as an error message. The FOR loop at the end was an attempt to let everything come to "rest" before stopping the service. The biggest stumper is that the error is random, seems to occur more frequently once it has appeared and has never happened once on my machine. Any ideas??

        Func Main()
            If @Compiled Then _Service_ReportStatus($SERVICE_RUNNING, $NO_ERROR, 10000)
            If Not FileExists('C:\Boot_Metric\Timer_Event.exe') Then FileInstall('U:\AutoIt3\Scripts\BootMetric\Timer_Event.exe', 'C:\Boot_Metric\Timer_Event.exe', 1)
            Dim $keynames[10] = [9, 'Date', 'BootTime', 'Model', 'CPU', 'RAM', 'OS', 'MachineOU', 'UserID', 'ProfileSize']
            For $i = 1 To $keynames[0]
                RegWrite('HKLM\SOFTWARE\BootTimer', $keynames[$i], 'REG_SZ', '')
                Sleep(100)
            Next
            RegWrite('HKLM\SOFTWARE\BootTimer', 'LogUpdate', 'REG_SZ', '0')
            $duration = -1000000
            If IniRead(@ScriptDir & '\BootMetric.ini', 'Settings', 'Beep', '0') = '1' Or Not @Compiled Then
                $beep = True
            Else
                $beep = False
            EndIf
            Do
                If @Compiled Then _Service_ReportStatus($SERVICE_RUNNING, $NO_ERROR, 10000)
                Sleep(100)
                $query = _Service_QueryStatus('seclogon')
                If Not IsArray($query) Then ContinueLoop
            Until $query[1] = $SERVICE_RUNNING
            $duration = Int(_Date_Time_GetTickCount())
            If $beep Then _BeepTwice()
            While 1
                If @Compiled Then _Service_ReportStatus($SERVICE_RUNNING, $NO_ERROR, 10000)
                Sleep(250)
                $user = _GetLoggedOn()
                If $user Then
                    If $beep Then _BeepTwice()
                    ExitLoop
                EndIf
            WEnd
            $timer = TimerInit()
            $pid = Run(@ScriptDir & '\BootTimerSvc.exe -process', @ScriptDir, @SW_HIDE)
            $sid = _Security__LookupAccountName($user, @ComputerName)
            Do
                If @Compiled Then _Service_ReportStatus($SERVICE_RUNNING, $NO_ERROR, 10000)
                Sleep(100)
                $profile = RegRead('HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\' & $sid[0], 'ProfileImagePath')
            Until $profile <> ''
            Do
                If @Compiled Then _Service_ReportStatus($SERVICE_RUNNING, $NO_ERROR, 10000)
                Sleep(100)
            Until FileExists($profile & '\Start Menu\Programs\Startup')
            If Not FileExists($profile & '\Start Menu\Programs\Startup\Timer_Event.lnk') Then FileCreateShortcut('C:\Boot_Metric\Timer_Event.exe', $profile & '\Start Menu\Programs\Startup\Timer_Event.lnk', 'C:\Boot_Metric')
            $trigger = IniRead(@ScriptDir & '\BootMetric.ini', 'Settings', 'Name', 'Timer_Event.exe')
            Do
                If @Compiled Then _Service_ReportStatus($SERVICE_RUNNING, $NO_ERROR, 10000)
                Sleep(100)
            Until ProcessExists($trigger)
            $duration += Int(TimerDiff($timer))
            If $beep Then _BeepTwice()
            Dim $hrs, $mins, $secs
            _TicksToTime($duration, $hrs, $mins, $secs)
            $write = _Now() & @TAB & StringFormat("%02i:%02i:%02i", $hrs, $mins, $secs) & @TAB
            $specs = _GetSpecs($user, $profile)
            For $i = 1 To $specs[0]
                $write &= $specs[$i] & @TAB
            Next
            $write = StringTrimRight($write, 1)
            If Not FileExists(@ScriptDir & '\' & @ComputerName & '.log') Then
                FileWriteLine(@ScriptDir & '\' & @ComputerName & '.log', 'Date/Time' & @TAB & 'Boot Time' & @TAB & 'Model' & @TAB & 'Processor' & @TAB & 'RAM' & @TAB & 'Operating System' & @TAB & 'Machine OUs' & @TAB & 'User ID' & @TAB & 'Profile Size')
                Sleep(500)
            EndIf
            FileWriteLine(@ScriptDir & '\' & @ComputerName & '.log', $write)
            Sleep(500)
            If _FileCountLines(@ScriptDir & '\' & @ComputerName & '.log') > 91 Then
                Dim $record
                If _FileReadToArray(@ScriptDir & '\' & @ComputerName & '.log', $record) Then
                    Do
                        _ArrayDelete($record, 2)
                        $record[0] -= 1
                        If @Compiled Then _Service_ReportStatus($SERVICE_RUNNING, $NO_ERROR, 10000)
                        Sleep(100)
                    Until $record[0] = 91
                EndIf
                If _FileWriteFromArray(@ScriptDir & '\' & 'temp.log', $record, 1) Then FileMove(@ScriptDir & '\' & 'temp.log', @ScriptDir & '\' & @ComputerName & '.log', 1)
            EndIf
            $regwrite = StringSplit($write, @TAB, 1)
            For $i = 1 To $keynames[0]
                RegWrite('HKLM\SOFTWARE\BootTimer', $keynames[$i], 'REG_SZ', $regwrite[$i])
                Sleep(100)
            Next
            RegWrite('HKLM\SOFTWARE\BootTimer', 'LogUpdate', 'REG_SZ', '1')
            Do
                Sleep(100)
                If @Compiled Then _Service_ReportStatus($SERVICE_RUNNING, $NO_ERROR, 10000)
            Until Not ProcessExists($pid)
            If Not @Compiled Then Exit
            For $i = 1 To 100
                If @Compiled Then _Service_ReportStatus($SERVICE_RUNNING, $NO_ERROR, 10000)
                Sleep(100)
            Next
            _Service_Stop($SERVICE_NAME)
            Exit
        EndFunc ;==>Main
  3. Perhaps you could use WMI to pull the info you need ...

        $computer = '.'
        $wbemFlagReturnImmediately = 0x10
        $wbemFlagForwardOnly = 0x20
        $oWMIService = ObjGet('winmgmts:\\' & $computer & '\root\CIMV2')
        If IsObj($oWMIService) Then
            $colItems = $oWMIService.ExecQuery('SELECT * FROM Win32_ComputerSystem', 'WQL', $wbemFlagReturnImmediately + $wbemFlagForwardOnly)
            If IsObj($colItems) Then
                For $oItem In $colItems
                    $model = $oItem.Model
                Next
            EndIf
        EndIf
  4. Something like this maybe?

        $Excel_Path = 'C:\Program Files\Microsoft Office\Office12\Excel.exe'
        $File_Name = 'D:\book1.xlsx'
        $pid = Run($Excel_Path & ' "' & $File_Name & '"')
        Do
            Sleep(10)
        Until Not ProcessExists($pid)
        ; ... Here's the rest of your script once Excel closes ...
  5. That's a whole lotta code to go thru. My ultimate goal was to detect if an Office app had opened a file with an embedded flash object and if so, kill the process. Here's what I came up with:

        #include <Constants.au3>
        #include <Array.au3>

        _EmbeddedGameScan('excel.exe')

        Func _EmbeddedGameScan($OfficeApp)
            If Not ProcessExists($OfficeApp) Then Return
            ; Run Sysinternals Handle against the Office process and capture its output
            $pid = Run('Handle -p ' & $OfficeApp, @SystemDir, @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD)
            $read = ''
            While 1
                $read &= StdoutRead($pid)
                If @error Then ExitLoop
            WEnd
            $read = StringSplit($read, @CRLF, 1)
            If $read[0] < 7 Then Return
            ; Line 7 carries "pid: <n>"; cut the PID out of it
            $pid = StringTrimLeft($read[7], StringInStr($read[7], 'pid: ') + 4)
            $length = 1
            While 1
                If StringMid($pid, $length, 1) = ' ' Then ExitLoop
                $length += 1
            WEnd
            $pid = StringLeft($pid, $length - 1)
            ; Close the process if it holds a file handle under the Flash directory
            If _ArraySearch($read, 'File (R--) ' & @SystemDir & '\Macromed\Flash\', 1, 0, 0, 1) > 0 Then ProcessClose($pid)
        EndFunc
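
The parsing step from the post above, as an added Python example (not cjconstantine's code): it reads Handle output by pattern instead of by fixed line number, so it also covers output listing several processes, and returns the PIDs that hold a file under a given directory. The sample output is constructed and its layout is an assumption modelled on what the post's script expects; the function names are hypothetical.

```python
import re
from ntpath import normcase  # Windows path case-folding, usable on any OS

# Constructed sample (assumed layout): a "<image> pid: <n> <user>" line per
# process, followed by one "<hex handle>: <type> (<flags>) <name>" line per handle.
SAMPLE = r"""
Handle vX.Y (constructed sample, banner abbreviated)

------------------------------------------------------------------------------
EXCEL.EXE pid: 4312 CORP\jdoe
    C: File  (RW-)   C:\Users\jdoe\Documents
  1C4: File  (R--)   C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx
------------------------------------------------------------------------------
WINWORD.EXE pid: 5120 CORP\jdoe
   1C: File  (RW-)   C:\Users\jdoe\Documents
  2A0: Section       \BaseNamedObjects\example
"""

PROC_RE = re.compile(r"^(?P<image>\S.*?)\s+pid:\s+(?P<pid>\d+)\b")
# The share-flag group "(R--)" is optional so lines without it still parse.
HANDLE_RE = re.compile(
    r"^\s*[0-9A-Fa-f]+:\s+File\s+(?:\([RWD-]{3}\)\s+)?(?P<path>.+?)\s*$")


def parse_handle_output(text):
    """Return {pid: {"image": str, "files": [path, ...]}} for each process section."""
    procs, current = {}, None
    for line in text.splitlines():
        m = PROC_RE.match(line)
        if m:
            current = procs.setdefault(
                int(m["pid"]), {"image": m["image"], "files": []})
            continue
        m = HANDLE_RE.match(line)
        if m and current is not None:  # ignore handle lines before any header
            current["files"].append(m["path"])
    return procs


def pids_with_files_under(procs, directory):
    """PIDs holding at least one file handle below `directory` (case-insensitive)."""
    prefix = normcase(directory).rstrip("\\") + "\\"
    return sorted(pid for pid, p in procs.items()
                  if any(normcase(f).startswith(prefix) for f in p["files"]))


if __name__ == "__main__":
    parsed = parse_handle_output(SAMPLE)
    print(pids_with_files_under(parsed, r"C:\Windows\System32\Macromed\Flash"))
```
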
  6. @PsaltyDS: That's what I was afraid of ... ok, I'll have to stick with using Sysinternals' Handle.exe app and parsing the output. Not as elegant as I hoped but it works. Thanks!
  7. All that would do is let me know that Notepad.exe is running, what I need to know is what file Notepad.exe has open.
  8. Ok, after much searching the answer has eluded me. I know how to tell when a process has started, but what I want to know is if that process has a file opened. (IE a user starts Excel to view an .xls file ... is it possible to know what .xls file was opened?) Any ideas where to start? *EDIT* I'd rather keep within the confines of AutoIt ...
  9. I've had a strange problem pop up. When I go to compile my AU3 script with Scite (using either the F7 or Ctrl+F7 method) I get the following window Title - Aut2Exe Error Message - Error adding file: D:\AutoIt3\blah.exe I've tried to uninstall, regclean, and reinstall with no luck. I have full control over the folders and subfolders where I'm compiling and admin rights on my PC. Any ideas? EDIT: It seems to be only certain AU3 files, I'll have to keep digging ... EDIT: I'm an idiot, problem solved.
  10. @PsaltyDS: From what I read this only affects removable devices; DriveType=3 only detects fixed drives. @botanic: The ID I'm using has admin rights.
  11. The code below works fine on my XP box but my Vista box does something a bit odd ... I don't get any object errors but $objItem.Size and $objItem.FreeSpace both return nothing while $objItem.DeviceID and $objItem.VolumeName both return the correct information. UAC and firewall are disabled. Setting $sIPaddress = '.' makes no difference. Any ideas on what's happening?

        $objWMIService = ObjGet('winmgmts:\\' & $sIPaddress & '\root\CIMV2')
        If IsObj($objWMIService) Then
            $colItems = $objWMIService.ExecQuery('SELECT * FROM Win32_LogicalDisk Where DriveType=3 ', 'WQL', $wbemFlagReturnImmediately + $wbemFlagForwardOnly)
            If IsObj($colItems) Then
                For $objItem In $colItems
                    _GUICtrlListView_AddItem($hLVIEW_Drives, $objItem.DeviceID & ' [' & $objItem.VolumeName & ']')
                    $iIndex = _GUICtrlListView_GetItemCount($hLVIEW_Drives) - 1
                    _GUICtrlListView_AddSubItem($hLVIEW_Drives, $iIndex, $objItem.FileSystem, 1)
                    _GUICtrlListView_AddSubItem($hLVIEW_Drives, $iIndex, StringFormat('%.2f', $objItem.Size / (1024 ^ 3)) & ' GB', 2)
                    _GUICtrlListView_AddSubItem($hLVIEW_Drives, $iIndex, StringFormat('%.2f', $objItem.FreeSpace / (1024 ^ 3)) & ' GB', 3)
                    _GUICtrlListView_AddSubItem($hLVIEW_Drives, $iIndex, StringFormat('%.2f', $objItem.FreeSpace / $objItem.Size * 100) & ' %', 4)
                    If StringLeft(_GUICtrlListView_GetItemText($hLVIEW_Drives, $iIndex, 0), 1) = 'c' Or StringLeft(_GUICtrlListView_GetItemText($hLVIEW_Drives, $iIndex, 0), 1) = 'd' Then
                        _GUICtrlListView_SetItemChecked($hLVIEW_Drives, $iIndex, True)
                    EndIf
                Next
            EndIf
        EndIf

      The DriveGet commands work fine on the Vista box, but ultimately the script needs to get this data from remote PCs.
  12. I think I may have discovered the problem. From what I can tell when starting a process with WMI that process does not have access to network resources. I discovered that when I started a process that I knew was running on a remote machine that process was unable to copy files over the network, which would normally be permitted using my login credentials. It also makes sense that RunAs would fail because it wouldn't be able to find the user ID (assuming the profile did not exist on the machine the script had been started on).
  13. That doesn't really matter for what I am trying to accomplish.
  14. Thanks for the info but USMT and BDD are overkill for what I need. I did more reading and I think a DLL call to userenv.dll using LoadUserProfile may work before issuing the RunAs commands. Problem is I'm even less familiar with DLLs than I am with WMI. Any suggestions on how to proceed with CallDLL would be much appreciated. BTW, using PSEXEC to build a profile without the user actually logging in works great. Once ntuser.dat exists on the new PC I can import settings from the old registry.
  15. I think I have discovered the problem ... the user's profile must be loaded first before the process is created. Unfortunately, I'm not sure where to go from this point.
  16. Failed for all four. I modified test.exe to:

        FileWriteLine('D:\test.txt', 'Comspec: ' & @ComSpec & @TAB & 'SystemDir: ' & @SystemDir)
        $pid = RunAs('xcs1621', 'pwus', '@zildas-08', 1, @ComSpec, @SystemDir)
        FileWriteLine('D:\test.txt', $pid)
        $pid = RunAs('xcs1621', 'pwus', '@zildas-08', 2, @ComSpec, @SystemDir)
        FileWriteLine('D:\test.txt', $pid)
        $pid = RunAs('xcs1621', 'pwus', '@zildas-08', 0, @ComSpec, @SystemDir)
        FileWriteLine('D:\test.txt', $pid)
        $pid = RunAs('xcs1621', 'pwus', '@zildas-08', 4, @ComSpec, @SystemDir)
        FileWriteLine('D:\test.txt', $pid)

      And get this as the output:

        Comspec: C:\Windows\System32\cmd.exe    SystemDir: C:\Windows\System32
        0
        0
        0
        0
  17. <bump> Any reason why RunAs doesn't work with WMI?
  18. This is part of a profile copy including files, so rebooting the PC really isn't an option. Not knowing all too much about WMI, is there any reason why RunAs would fail given all the correct credentials?
  19. In a nutshell I was using PSEXEC to start a process as a different user on a remote PC for the sole purpose of creating that user's profile in C:\Documents and Settings. I was told I could no longer use PSEXEC so I've started to experiment with WMI. At this point I have one script that starts a process on the remote PC:

        $wbemFlagReturnImmediately = 0x10
        $wbemFlagForwardOnly = 0x20
        $colItems = ''

        #include <String.au3>
        #include <File.au3>

        MsgBox(0, '', _RemoteStart('U:\AutoIt3\Scripts\Snippets\test.exe', '', 'xxx.xxx.xxx.xxx'))

        Func _RemoteStart($exe, $parameters = '', $computer = 'localhost')
            Dim $objWMIService, $objProcess
            Dim $strShell, $objProgram
            Dim $szDrive, $szDir, $szFName, $szExt
            $pid = 0
            $exe = _PathSplit($exe, $szDrive, $szDir, $szFName, $szExt)
            If $parameters <> '' Then $parameters = ' ' & $parameters
            ; Connect to WMI
            $oWMIService = ObjGet('winmgmts://' & $computer & '/root/cimv2')
            If Not IsObj($oWMIService) Then Return 0
            $colItems = $oWMIService.ExecQuery("SELECT * FROM Win32_OperatingSystem ", "WQL", $wbemFlagReturnImmediately + $wbemFlagForwardOnly)
            If IsObj($colItems) Then
                For $oItem In $colItems
                    $systemdir = $oItem.SystemDirectory
                Next
            EndIf
            FileCopy($exe[0], '\\' & $computer & '\C$\' & StringTrimLeft($systemdir, 3), 1)
            ; Obtain the Win32_Process class of object.
            $oProcess = $oWMIService.Get('Win32_Process')
            $oProgram = $oProcess.Methods_('Create').InParameters.SpawnInstance_()
            $oProgram.CommandLine = $exe[3] & $exe[4] & $parameters
            ; Execute the program now at the command line.
            $start = $oWMIService.ExecMethod('Win32_Process', 'Create', $oProgram)
            $colItems = $oWMIService.ExecQuery('SELECT * FROM Win32_Process ', 'WQL', $wbemFlagReturnImmediately + $wbemFlagForwardOnly)
            If IsObj($colItems) Then
                For $oItem In $colItems
                    If $oItem.Name = $exe[3] & $exe[4] Then
                        $pid = $oItem.ProcessId
                        ExitLoop
                    EndIf
                Next
            EndIf
            Return $pid
        EndFunc ;==>_RemoteStart

      And the second part which is supposed to start a process as the other user (Test.exe):

        $pid = RunAs($user, $domain, $password, 1, 'C:\Windows\system32\Calc.exe')
        FileWriteLine('D:\test.txt', $pid)

      I know that Test.exe runs on the remote machine because the text file is updated every time but Calc never starts. Any ideas? Or an easier way to create the other user's profile?
  20. Thanks much! When did that change?
  21. Ok, here's the code:

        #include <GUIConstants.au3>

        $hGUI_Main = GUICreate('Profile Mover', 400, 300)
        GUICtrlCreateLabel('Old Profile', 10, 10)
        GUICtrlCreateLabel('', 10, 28, 260, 18, $SS_SUNKEN)
        GUISetState(@SW_SHOW, $hGUI_Main)
        Do
            $msg = GUIGetMsg()
        Until $msg = $GUI_EVENT_CLOSE

      I just installed the latest version of AutoIt, AutoIt beta, and Scite ... and when I run the program I get the following errors:

        D:\Documents and Settings\xcs1621a\Desktop\Scripts\Profile Move.au3(5,51) : WARNING: $SS_SUNKEN: possibly used before declaration.
        GUICtrlCreateLabel('', 10, 28, 260, 18, $SS_SUNKEN)
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
        D:\Documents and Settings\xcs1621a\Desktop\Scripts\Profile Move.au3(5,51) : ERROR: $SS_SUNKEN: undeclared global variable.
        GUICtrlCreateLabel('', 10, 28, 260, 18, $SS_SUNKEN)
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
        D:\Documents and Settings\xcs1621a\Desktop\Scripts\Profile Move.au3 - 1 error(s), 1 warning(s)

      Any ideas? Have I just totally lost it??
  22. Unfortunately I can't do that. This is part of a remote program that is pushed out to various computers that may or may not have USB HDDs and the owners have full control over them if they exist so the file could just as easily be deleted.
  23. I tried this code and did not get any drives back. Any ideas what I might be doing wrong? Drives C: D: E: T: are on internal drives (NTFS format) and U: is a USB HDD.
  24. Thanks much to both of you ... now back to scripting.
  25. I have run into a dilemma... I want to export user settings from the registry. I have the user ID, domain, and the account SID. I am able to see my SID under HKEY_USERS but no others even though other users have logged into the PC. Is there any way to do this without being logged in as the user? I want to get mapped printer, network drives, and Outlook settings. Any help is greatly appreciated.