Developers Jos Posted July 25, 2017 Developers Posted July 25, 2017 (edited) EDIT: it would be better to run SciTE at Administrator level and then run the script to be able to see the consolewrite output! Ok, so you can conclude it isn't process then... So guess we need the next level debugging step. #RequireAdmin #include <Array.au3> #include <StringConstants.au3> $sKeepNames = "(pxadmin|domain admins|desktop admin)" ; RunWait(@ComSpec & " /c net localgroup administrators>C:\Windows\Updates\LocaAdminGroupMembers.txt", "", @SW_HIDE) Local $oGroup, $aUsers[1] = [""] $oGroup = ObjGet("WinNT://" & @ComputerName & "/Administrators,group") If IsObj($oGroup) Then For $member In $oGroup.Members _ArrayAdd($aUsers, StringRight($member.adsPath, (StringLen($member.adsPath) - 8))) Next EndIf $aUsers[0] = UBound($aUsers) - 1 ;_ArrayDisplay($aUsers) For $i = 1 To $aUsers[0] ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : $aUsers[0] = ' & $aUsers[0] & @CRLF) ;### Debug Console If Not StringRegExp($aUsers[$i], "(?i)" & $sKeepNames) Then ;<-- Added case-insensitive "(?i)" $sUser = StringTrimLeft($aUsers[$i], StringInStr($aUsers[$i], "/", 0, -1)) ;RunWait(@ComSpec & ' /c' & ' "' & 'net localgroup Administrators ' & $sUser & ' /delete' & '"', "", @SW_HIDE) RunWait(@ComSpec & ' /c net localgroup Administrators "' & $sUser & '" /delete', "", @SW_HIDE) ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : cmd = ' & @ComSpec & ' /c net localgroup Administrators "' & $sUser & '" /delete' & @CRLF & '>Error code: ' & @error & @CRLF) ;### Debug Console Else ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : Skipped ' & $aUsers[0] & @CRLF) ;### Debug Console EndIf Next What does this give. Edited July 25, 2017 by Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
antmar904 Posted July 25, 2017 Author Posted July 25, 2017 >"C:\Program Files (x86)\AutoIt3\SciTE\..\AutoIt3.exe" "C:\Program Files (x86)\AutoIt3\SciTE\AutoIt3Wrapper\AutoIt3Wrapper.au3" /run /prod /ErrorStdOut /in "C:\Stuff\Scripts\AutoIT\RemoveAdmin\RemAdmin.au3" /UserParams +>08:54:01 Starting AutoIt3Wrapper v.17.224.935.0 SciTE v.3.7.3.0 Keyboard:00000409 OS:WIN_10/ CPU:X64 OS:X64 Environment(Language:0409) CodePage:0 utf8.auto.check:4 +> SciTEDir => C:\Program Files (x86)\AutoIt3\SciTE UserDir => C:\Users\usaaxf18\AppData\Local\AutoIt v3\SciTE\AutoIt3Wrapper SCITE_USERHOME => C:\Users\usaaxf18\AppData\Local\AutoIt v3\SciTE >Running AU3Check (3.3.14.2) from:C:\Program Files (x86)\AutoIt3 input:C:\Stuff\Scripts\AutoIT\RemoveAdmin\RemAdmin.au3 +>08:54:01 AU3Check ended.rc:0 >Running:(3.3.14.2):C:\Program Files (x86)\AutoIt3\autoit3.exe "C:\Stuff\Scripts\AutoIT\RemoveAdmin\RemAdmin.au3" --> Press Ctrl+Alt+Break to Restart or Ctrl+Break to Stop @@ Debug(21) : $aUsers[0] = 4 @@ Debug(28) : Skipped 4 @@ Debug(21) : $aUsers[0] = 4 @@ Debug(28) : Skipped 4 @@ Debug(21) : $aUsers[0] = 4 @@ Debug(28) : Skipped 4 @@ Debug(21) : $aUsers[0] = 4 @@ Debug(28) : Skipped 4 +>08:54:09 AutoIt3.exe ended.rc:0 +>08:54:09 AutoIt3Wrapper Finished. >Exit code: 0 Time: 8.688
Developers Jos Posted July 25, 2017 Developers Posted July 25, 2017 i see I made a mistake... that should of course have been $aUsers[$i] in the debug statement to show the exact names found. #RequireAdmin #include <Array.au3> #include <StringConstants.au3> $sKeepNames = "(pxadmin|domain admins|desktop admin)" ; RunWait(@ComSpec & " /c net localgroup administrators>C:\Windows\Updates\LocaAdminGroupMembers.txt", "", @SW_HIDE) Local $oGroup, $aUsers[1] = [""] $oGroup = ObjGet("WinNT://" & @ComputerName & "/Administrators,group") If IsObj($oGroup) Then For $member In $oGroup.Members _ArrayAdd($aUsers, StringRight($member.adsPath, (StringLen($member.adsPath) - 8))) Next EndIf $aUsers[0] = UBound($aUsers) - 1 ;_ArrayDisplay($aUsers) For $i = 1 To $aUsers[0] ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : $aUsers[$i] = ' & $aUsers[$i] & @CRLF) ;### Debug Console If Not StringRegExp($aUsers[$i], "(?i)" & $sKeepNames) Then ;<-- Added case-insensitive "(?i)" $sUser = StringTrimLeft($aUsers[$i], StringInStr($aUsers[$i], "/", 0, -1)) ;RunWait(@ComSpec & ' /c' & ' "' & 'net localgroup Administrators ' & $sUser & ' /delete' & '"', "", @SW_HIDE) RunWait(@ComSpec & ' /c net localgroup Administrators "' & $sUser & '" /delete', "", @SW_HIDE) ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : cmd = ' & @ComSpec & ' /c net localgroup Administrators "' & $sUser & '" /delete' & @CRLF & '>Error code: ' & @error & @CRLF) ;### Debug Console Else ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : Skipped ' & $aUsers[$i] & @CRLF) ;### Debug Console EndIf Next Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
antmar904 Posted July 25, 2017 Author Posted July 25, 2017 Ah not worries Jos, thanks again for your help. Here is the output: @@ Debug(21) : $aUsers[$i] = DOMAIN-USA/USADANFAUGNOA21/PXAdmin @@ Debug(28) : Skipped DOMAIN-USA/USADANFAUGNOA21/PXAdmin @@ Debug(21) : $aUsers[$i] = DOMAIN-USA/Domain Admins @@ Debug(28) : Skipped DOMAIN-USA/Domain Admins @@ Debug(21) : $aUsers[$i] = DOMAIN-USA/Desktop Admin @@ Debug(28) : Skipped DOMAIN-USA/Desktop Admin @@ Debug(21) : $aUsers[$i] = DOMAIN-USA/PDIDesktop Admin @@ Debug(28) : Skipped DOMAIN-USA/PDIDesktop Admin
Developers Jos Posted July 25, 2017 Developers Posted July 25, 2017 Ok ... couple of things here after some debugging: The $sKeepNames needs the total name for the group including the domain, similar to what is returend by the WMI call. The RexgEx test is the wrong way around making it fail at the wrong times. This should be close: #RequireAdmin #include <Array.au3> #include <StringConstants.au3> $sKeepNames = "(pxadmin|DOMAIN-USA/domain admins|DOMAIN-USA/desktop admin)" ; RunWait(@ComSpec & " /c net localgroup administrators>C:\Windows\Updates\LocaAdminGroupMembers.txt", "", @SW_HIDE) Local $oGroup, $aUsers[1] = [""] $oGroup = ObjGet("WinNT://" & @ComputerName & "/Administrators,group") If IsObj($oGroup) Then For $member In $oGroup.Members _ArrayAdd($aUsers, StringRight($member.adsPath, (StringLen($member.adsPath) - 8))) Next EndIf $aUsers[0] = UBound($aUsers) - 1 ;_ArrayDisplay($aUsers) For $i = 1 To $aUsers[0] ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : $aUsers[$i] = ' & $aUsers[$i] & @CRLF) ;### Debug Console If Not StringRegExp($sKeepNames, "(?i)" & $aUsers[$i]) Then ;<-- Added case-insensitive "(?i)" $sUser = StringTrimLeft($aUsers[$i], StringInStr($aUsers[$i], "/", 0, -1)) ;RunWait(@ComSpec & ' /c' & ' "' & 'net localgroup Administrators ' & $sUser & ' /delete' & '"', "", @SW_HIDE) RunWait(@ComSpec & ' /c net localgroup Administrators "' & $sUser & '" /delete', "", @SW_HIDE) ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : cmd = ' & @ComSpec & ' /c net localgroup Administrators "' & $sUser & '" /delete' & @CRLF & '>Error code: ' & @error & @CRLF) ;### Debug Console Else ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : Skipped ' & $aUsers[$i] & @CRLF) ;### Debug Console EndIf Next Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
antmar904 Posted July 25, 2017 Author Posted July 25, 2017 @Jos We are getting closer however it keeps trying to delete a local user "pxadmin" which is the build in administrator account renamed which cannot be deleted. So it's really not an issue because that account cannot be deleted however if we can avoid that script from trying to delete that account it would be nice. The other domain groups seem to be removed! Thank you. SciTE output snippet: @@ Debug(21) : $aUsers[$i] = DOMAIN-USA/USADANFAUGNOA21/PXAdmin @@ Debug(26) : cmd = C:\WINDOWS\system32\cmd.exe /c net localgroup Administrators "PXAdmin" /delete >Error code: 0
Developers Jos Posted July 25, 2017 Developers Posted July 25, 2017 Just put the whole string you get from the array into the $sKeepNames variable and separate them with a vertical-bar character. $sKeepNames = "(DOMAIN-USA/USADANFAUGNOA21/PXAdmin|DOMAIN-USA/domain admins|DOMAIN-USA/desktop admin)" Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
antmar904 Posted July 25, 2017 Author Posted July 25, 2017 Hi @Jos The local PXAdmin account name would change the computer name Exp: DOMAIN-USA/<computername will change per computer>/pxadmin $sKeepNames = "(DOMAIN-USA/ & ' @ComputerName ' & /pxadmin|PxAdmin|PXAdmin|DOMAIN-USA/pdidesktop admin)"
Developers Jos Posted July 25, 2017 Developers Posted July 25, 2017 close but guess this should be closer: $sKeepNames = "(DOMAIN-USA/" & @ComputerName & "/pxadmin|PxAdmin|PXAdmin|DOMAIN-USA/pdidesktop admin)" Aren't you using SciTE with it's syntaxcolor/highlighting as that helps to see where a literal string ends. Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
antmar904 Posted July 25, 2017 Author Posted July 25, 2017 That worked! Thanks again Jos, now the fun part of dissecting to try and better understand exactly what it's doing.
Developers Jos Posted July 25, 2017 Developers Posted July 25, 2017 You're welcome, but ... Just now, antmar904 said: now the fun part of dissecting to try and better understand exactly what it's doing. .. I think you are really brave running stuff made by others without first understanding it. I prefer to do it normally the other way around before actually running it. Enjoy, Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
antmar904 Posted July 25, 2017 Author Posted July 25, 2017 I understand enough to know nothing malicious was happening. The only thing that I have to work on is working with arrays and looping through them and also working with objects. Thanks again!
antmar904 Posted August 1, 2017 Author Posted August 1, 2017 (edited) @Jos Thanks again for your help on this however I have some domain groups that have a "_" in the name that aren't being removed from the local admin group even when the group is not in the exception list ($sKeepsNames variable). Exp: group name is "pds_plantdesign_desktop_admin" #RequireAdmin #include <Array.au3> #include <StringConstants.au3> $sKeepNames = "(DOMAIN-USA/" & @ComputerName & "/pxadmin)" ;RunWait(@ComSpec & " /c net localgroup administrators>C:\Windows\Updates\LocaAdminGroupMembers.txt", "", @SW_HIDE) Local $oGroup, $aUsers[1] = [""] $oGroup = ObjGet("WinNT://" & @ComputerName & "/Administrators,group") If IsObj($oGroup) Then For $member In $oGroup.Members _ArrayAdd($aUsers, StringRight($member.adsPath, (StringLen($member.adsPath) - 8))) Next EndIf $aUsers[0] = UBound($aUsers) - 1 ;_ArrayDisplay($aUsers) For $i = 1 To $aUsers[0] ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : $aUsers[$i] = ' & $aUsers[$i] & @CRLF) ;### Debug Console If Not StringRegExp($sKeepNames, "(?i)" & $aUsers[$i]) Then ;<-- Added case-insensitive "(?i)" $sUser = StringTrimLeft($aUsers[$i], StringInStr($aUsers[$i], "/", 0, -1)) ;RunWait(@ComSpec & ' /c' & ' "' & 'net localgroup Administrators ' & $sUser & ' /delete' & '"', "", @SW_HIDE) RunWait(@ComSpec & ' /c net localgroup Administrators "' & $sUser & '" /delete', "", @SW_HIDE) ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : cmd = ' & @ComSpec & ' /c net localgroup Administrators "' & $sUser & '" /delete' & @CRLF & '>Error code: ' & @error & @CRLF) ;### Debug Console Else ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : Skipped ' & $aUsers[$i] & @CRLF) ;### Debug Console EndIf Next Edited August 1, 2017 by antmar904
Developers Jos Posted August 1, 2017 Developers Posted August 1, 2017 You need to provide a little info and maybe bring it back to something simple that shows your issue. This simple excerpt of your script returns a 0 for me which means it is not in the $sKeepNames list: $sKeepNames = "(DOMAIN-USA/" & @ComputerName & "/pxadmin)" $testname = "DOMAIN-USA/pds_plantdesign_desktop_admin" ConsoleWrite('! StringRegExp($sKeepNames, "(?i)" & $testname) = ' & StringRegExp($sKeepNames, "(?i)" & $testname) & @CRLF & '>Error code: ' & @error & @CRLF) ;### Debug Console Assume you changed the $sKeepNames before posting as it looks strange having a domain and @Compurename concatenated. Either way, update the simple test script to something that actually goes wrong ( return a 1 when it shouldn't) so we can test. Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
antmar904 Posted August 1, 2017 Author Posted August 1, 2017 (edited) I'm getting error code 0 but the group still remains. @@ Debug(21) : $aUsers[$i] = DOMAIN-USA/PDS_PlantDesign_Desktop_Admin @@ Debug(26) : cmd = C:\WINDOWS\system32\cmd.exe /c net localgroup Administrators "PDS_PlantDesign_Desktop_Admin" /delete >Error code: 0 Ill test your script in a little bit, have to run out. We have the domain and computer name truncated because that is a local account we want to keep and that is what is returned by the array. #RequireAdmin #include <Array.au3> #include <StringConstants.au3> $sKeepNames = "(DOMAIN-USA/" & @ComputerName & "/pxadmin)" ;<--- Local account. ;RunWait(@ComSpec & " /c net localgroup administrators>C:\Windows\Updates\LocaAdminGroupMembers.txt", "", @SW_HIDE) Local $oGroup, $aUsers[1] = [""] $oGroup = ObjGet("WinNT://" & @ComputerName & "/Administrators,group") If IsObj($oGroup) Then For $member In $oGroup.Members _ArrayAdd($aUsers, StringRight($member.adsPath, (StringLen($member.adsPath) - 8))) Next EndIf $aUsers[0] = UBound($aUsers) - 1 _ArrayDisplay($aUsers) For $i = 1 To $aUsers[0] ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : $aUsers[$i] = ' & $aUsers[$i] & @CRLF) ;### Debug Console If Not StringRegExp($sKeepNames, "(?i)" & $aUsers[$i]) Then ;<-- Added case-insensitive "(?i)" $sUser = StringTrimLeft($aUsers[$i], StringInStr($aUsers[$i], "/", 0, -1)) ;RunWait(@ComSpec & ' /c' & ' "' & 'net localgroup Administrators ' & $sUser & ' /delete' & '"', "", @SW_HIDE) RunWait(@ComSpec & ' /c net localgroup Administrators "' & $sUser & '" /delete', "", @SW_HIDE) ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : cmd = ' & @ComSpec & ' /c net localgroup Administrators "' & $sUser & '" /delete' & @CRLF & '>Error code: ' & @error & @CRLF) ;### Debug Console Else ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : Skipped ' & $aUsers[$i] & @CRLF) ;### Debug Console EndIf Next Edited August 1, 2017 by antmar904
Developers Jos Posted August 1, 2017 Developers Posted August 1, 2017 (edited) 8 minutes ago, antmar904 said: @@ Debug(21) : $aUsers[$i] = DOMAIN-USA/PDS_PlantDesign_Desktop_Admin @@ Debug(26) : cmd = C:\WINDOWS\system32\cmd.exe /c net localgroup Administrators "PDS_PlantDesign_Desktop_Admin" /delete Without the domain prefix in the Net command? 8 minutes ago, antmar904 said: We have the domain and computer name truncated because the is a local account we want to keep and that is what is returned by the array. Don't understand this, but do understand that the formed literal string is wrong in that statement... eg when the hostname is ABC it will look like: $sKeepNames = "(DOMAIN-USA/ABC/pxadmin)" ;<--- Local admin account. This doesn't look right ....agree? Jos Edited August 1, 2017 by Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
antmar904 Posted August 1, 2017 Author Posted August 1, 2017 yes, it works for other groups without "_" and just spaces. This works: @@ Debug(21) : $aUsers[$i] = DOMAIN-USA/ihisdskadm @@ Debug(26) : cmd = C:\WINDOWS\system32\cmd.exe /c net localgroup Administrators "ihisdskadm" /delete >Error code: 0
Developers Jos Posted August 1, 2017 Developers Posted August 1, 2017 Sorry was still updating the previous post... Anyways, i still think the domainname should be included in the commandline or not? Did you try these manually yourself from the commandline:? C:\WINDOWS\system32\cmd.exe /c net localgroup Administrators "PDS_PlantDesign_Desktop_Admin" /delete C:\WINDOWS\system32\cmd.exe /c net localgroup Administrators "DOMAIN\PDS_PlantDesign_Desktop_Admin" /delete Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
antmar904 Posted August 1, 2017 Author Posted August 1, 2017 1 hour ago, Jos said: Without the domain prefix in the Net command? Don't understand this, but do understand that the formed literal string is wrong in that statement... eg when the hostname is ABC it will look like: $sKeepNames = "(DOMAIN-USA/ABC/pxadmin)" ;<--- Local admin account. This doesn't look right ....agree? Jos This is what's returned in the Array:
Developers Jos Posted August 1, 2017 Developers Posted August 1, 2017 Did you also see the last post? SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now