BullGates Posted June 30, 2007 Share Posted June 30, 2007 (edited) Hello, I'm currently creating a script to run as service that let's users mount USB storage devices if user belongs to a certain membership. It seems to be working according to some tests I've made, but only if the computer is connected to the domain, if the computer is offline the service in certain conditions hangs - I believe due to some error on the adfunctions.au3. Any idea on how can I protect my routines from the adfunctions.au3 errors? Thanks in advance! expandcollapse popupOpt("TrayIconHide", 1) Opt("RunErrorsFatal", 0) #include"adfunctions.au3" #include"ServiceControl.au3" #include <file.au3> Global $UserOnline, $USBAccess, $Mode, $DCList, $x Global $INTERNET_CONNECTION_LAN = 0X02 Dim $aDllRet $InfPath = @WindowsDir & "\Inf\" $ADGroup = "Domain_USBAccess" $RegKeyCheck = "HKEY_LOCAL_MACHINE\SOFTWARE\USBAccess\" While 1 = 1 VerifyUserLogged() ModeVerify();used to protect against offline mode (to avoid adfunctions.au3 errors) If $Mode = "Connected" And $UserOnline <> "" Then; to exclude when service is running without user loggedon $x = _ADListDomainControllers ($DCList) If $DCList[0] > 0 Then; this is possibly the problem when it hangs (but I don't have any idea on how to do it in other way) Sleep(1000) $IsMemberUSB = _ADIsMemberOf ($ADGroup, $UserOnline) $USBAccess = RegRead($RegKeyCheck, "USBAccess") If @error = 1 Then RegWrite($USBAccess, "USBAccess", "REG_DWORD", 0) ForceAccessState() EndIf ; I just need to check this from time to time Sleep(600000) Else EndIf WEnd Func VerifyUserLogged() $UserOnline = RegRead("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\", "AltDefaultUserName") EndFunc ;==>VerifyUserLogged Func ForceAccessState() ; Disable USB if user is not member of USB AD group, and last user had USB access! If $IsMemberUSB = False And $USBAccess = "1" Then DisableUSBAccess() EndIf ; Disable USB if user is not member of USB AD group, and last user doesn't had USB access! If $IsMemberUSB = False And $USBAccess = "0" Then DisableUSBAccess() EndIf ; Enable USB access if user is supposed to have it, but it doesn't! If $IsMemberUSB = True And $USBAccess = "0" Then EnableUSBAccess() EndIf EndFunc ;==>ForceAccessState Func DisableUSBAccess() If FileExists($InfPath & "USBSTOR.INF") Then FileMove($InfPath & "USBSTOR.INF", $InfPath & "USBSTOR.INF_") If FileExists($InfPath & "USBSTOR.PNF") Then FileMove($InfPath & "USBSTOR.PNF", $InfPath & "USBSTOR.PNF_") RegWrite($RegKeyCheck, "USBAccess", "REG_DWORD", 0) RegWrite("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR\", "Start", "REG_DWORD", 4) EndFunc ;==>DisableUSBAccess Func EnableUSBAccess() If FileExists($InfPath & "USBSTOR.INF_") Then FileMove($InfPath & "USBSTOR.INF_", $InfPath & "USBSTOR.INF") If FileExists($InfPath & "USBSTOR.PNF_") Then FileMove($InfPath & "USBSTOR.PNF_", $InfPath & "USBSTOR.PNF") RegWrite($RegKeyCheck, "USBAccess", "REG_DWORD", 1) RegWrite("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR\", "Start", "REG_DWORD", 3) EndFunc ;==>EnableUSBAccess Func ModeVerify() $aDllRet = DllCall("winnet.dll", "int", "InternetGetConnectedState", "long_ptr", 0, "long", 0) If Not @error And $aDllRet[0] <> 0 Then $nConnectedState = $aDllRet[1] EndIf $aDllRet = DllCall(@SystemDir & "\wininet.dll", "int", "InternetGetConnectedStateEx", "long_ptr", 0, "str", "", "long", 512, "long", 0) $nConnectedState = $aDllRet[1] If BitAND($nConnectedState, $INTERNET_CONNECTION_LAN) Then $Mode = "Connected" Else $Mode = "NotConnected" EndIf EndFunc ;==>ModeVerify Edited June 30, 2007 by BullGates [topic="51913"]Restrict USB Storage usage to group membership[/topic] * [topic="48699"]Using nircmd library[/topic] * Some admin notes Link to comment Share on other sites More sharing options...
BullGates Posted June 30, 2007 Author Share Posted June 30, 2007 Hello, I'm currently creating a script to run as service that let's users mount USB storage devices if user belongs to a certain membership. It seems to be working according to some tests I've made, but only if the computer is connected to the domain, if the computer is offline the service in certain conditions hangs - I believe due to some error on the adfunctions.au3. Any idea on how can I protect my routines from the adfunctions.au3 errors? Thanks in advance! expandcollapse popupOpt("TrayIconHide", 1) Opt("RunErrorsFatal", 0) #include"adfunctions.au3" #include"ServiceControl.au3" #include <file.au3> Global $UserOnline, $USBAccess, $Mode, $DCList, $x Global $INTERNET_CONNECTION_LAN = 0X02 Dim $aDllRet $InfPath = @WindowsDir & "\Inf\" $ADGroup = "Domain_USBAccess" $RegKeyCheck = "HKEY_LOCAL_MACHINE\SOFTWARE\USBAccess\" While 1 = 1 VerifyUserLogged() ModeVerify();used to protect against offline mode (to avoid adfunctions.au3 errors) If $Mode = "Connected" And $UserOnline <> "" Then; to exclude when service is running without user loggedon $x = _ADListDomainControllers ($DCList) If $DCList[0] > 0 Then; this is possibly the problem when it hangs (but I don't have any idea on how to do it in other way) Sleep(1000) $IsMemberUSB = _ADIsMemberOf ($ADGroup, $UserOnline) $USBAccess = RegRead($RegKeyCheck, "USBAccess") If @error = 1 Then RegWrite($USBAccess, "USBAccess", "REG_DWORD", 0) ForceAccessState() EndIf ; I just need to check this from time to time Sleep(600000) Else EndIf WEnd Func VerifyUserLogged() $UserOnline = RegRead("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\", "AltDefaultUserName") EndFunc ;==>VerifyUserLogged Func ForceAccessState() ; Disable USB if user is not member of USB AD group, and last user had USB access! If $IsMemberUSB = False And $USBAccess = "1" Then DisableUSBAccess() EndIf ; Disable USB if user is not member of USB AD group, and last user doesn't had USB access! If $IsMemberUSB = False And $USBAccess = "0" Then DisableUSBAccess() EndIf ; Enable USB access if user is supposed to have it, but it doesn't! If $IsMemberUSB = True And $USBAccess = "0" Then EnableUSBAccess() EndIf EndFunc ;==>ForceAccessState Func DisableUSBAccess() If FileExists($InfPath & "USBSTOR.INF") Then FileMove($InfPath & "USBSTOR.INF", $InfPath & "USBSTOR.INF_") If FileExists($InfPath & "USBSTOR.PNF") Then FileMove($InfPath & "USBSTOR.PNF", $InfPath & "USBSTOR.PNF_") RegWrite($RegKeyCheck, "USBAccess", "REG_DWORD", 0) RegWrite("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR\", "Start", "REG_DWORD", 4) EndFunc ;==>DisableUSBAccess Func EnableUSBAccess() If FileExists($InfPath & "USBSTOR.INF_") Then FileMove($InfPath & "USBSTOR.INF_", $InfPath & "USBSTOR.INF") If FileExists($InfPath & "USBSTOR.PNF_") Then FileMove($InfPath & "USBSTOR.PNF_", $InfPath & "USBSTOR.PNF") RegWrite($RegKeyCheck, "USBAccess", "REG_DWORD", 1) RegWrite("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR\", "Start", "REG_DWORD", 3) EndFunc ;==>EnableUSBAccess Func ModeVerify() $aDllRet = DllCall("winnet.dll", "int", "InternetGetConnectedState", "long_ptr", 0, "long", 0) If Not @error And $aDllRet[0] <> 0 Then $nConnectedState = $aDllRet[1] EndIf $aDllRet = DllCall(@SystemDir & "\wininet.dll", "int", "InternetGetConnectedStateEx", "long_ptr", 0, "str", "", "long", 512, "long", 0) $nConnectedState = $aDllRet[1] If BitAND($nConnectedState, $INTERNET_CONNECTION_LAN) Then $Mode = "Connected" Else $Mode = "NotConnected" EndIf EndFunc ;==>ModeVerifyOh well, maybe it's not the best way, but I'll ping the domain, and I'll only enter the AD routines if the ping is successful; any other idea is welcome... [topic="51913"]Restrict USB Storage usage to group membership[/topic] * [topic="48699"]Using nircmd library[/topic] * Some admin notes Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now