My thanks go out to all who have contributed to my efforts. We have resolved the problem by running the results of usrstat.exe through a little Perl script that sorts out which users have not logged on in the last 90 days or have never logged on. The output of this script is then brought into the NetAdmin module and the disable is executed. The script to sort the users is listed below, and by reviewing the discussion threads since my initial request you will find the base for disabling the users through NetAdmin. Thank you again for your time, effort, and knowledge!
#!/usr/bin/perl -w
use strict;
use Time::Local;

$| = 1;

# Inactivity threshold in days. Accounts whose newest recorded logon is
# older than this, or that have never logged on anywhere, are reported.
my $days = 90;

# usrstat prints month names; timelocal() wants 0-based month numbers.
my %moy = ( jan => 0, feb => 1, mar => 2,  apr => 3,  may => 4,  jun => 5,
            jul => 6, aug => 7, sep => 8, 'oct' => 9, nov => 10, dec => 11 );

# new7.txt is the concatenated usrstat.exe output from every DC polled
# (one "Users at \\DC" block per server); a different file name may be
# given on the command line.
my $infile = shift @ARGV || 'new7.txt';

# uname => { NAME => full name, TIME => [ one epoch value per DC line ] }
my %logins;

open my $stuff, '<', $infile or die "Couldn't open $infile: $!\n";
while ( my $line = <$stuff> ) {
    chomp $line;
    next if $line =~ /^\s*$/ || $line =~ /Users at/;   # blanks, per-DC banner

    $line = lc $line;
    $line =~ s/^\s+//;
    $line =~ s/\s+/ /g;

    # user lines look like:  uname - full name - logon: tue jul 10 09:26:12 2001
    my ( $user, $time ) = split /logon:/, $line, 2;
    next unless defined $time;        # not a user line
    $time =~ s/^\s*//;

    my ( $uname, $fname ) = split /-/, $user, 2;
    $uname =~ s/\s+$//;               # drop the blank before the "-"
    $fname = defined $fname ? $fname : '';
    $fname =~ s/^\s*//;

    if ( $time =~ /never/ ) {
        $time = 0;                    # sorts before any real logon
    }
    elsif ( $time =~ /^\w+ (\w+) (\d+) (\d+):(\d+):(\d+) (\d+)$/ && exists $moy{$1} ) {
        # dow month date hh:mm:ss year  ->  epoch seconds
        my ( $month, $date, $hour, $min, $sec, $year ) = ( $1, $2, $3, $4, $5, $6 );
        $time = timelocal( $sec, $min, $hour, $date, $moy{$month}, $year );
    }
    else {
        warn "Can't parse logon time '$time' for $uname, treating as never\n";
        $time = 0;
    }

    push @{ $logins{$uname}{TIME} }, $time;
    $logins{$uname}{NAME} = $fname unless defined $logins{$uname}{NAME};
}
close $stuff;

#---
# We have loaded the data, now let's display the data
#---
my $deadtime = time - ( $days * 24 * 60 * 60 );
print "Total number of users: ", scalar( keys %logins ), "\n";

for my $uname ( sort keys %logins ) {
    # Last-logon is not replicated between NT domain controllers, so each
    # user shows up once per DC polled. Only the NEWEST of those values
    # says whether the account is in use: "never" or an old date on one
    # DC means nothing if another DC authenticated the user yesterday.
    # (Taking the oldest value here would flag active accounts.)
    my ($newest) = sort { $b <=> $a } @{ $logins{$uname}{TIME} };
    if ( $newest <= $deadtime ) {
        print "$uname hasn't logged in for $days days\n";
    }
}
Jonathan Keevis
Information Security
FRAS - Richmond
(804) 697-3761
"We can't get there from here..."
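The disable step that the message above says was done "through the NetAdmin module" is not shown on this page, so here is an added example of that step, not the poster's own code. It reads the filter script's report lines ("jdoe hasn't logged in for 90 days") on standard input or from a file named on the command line, locates the PDC with Win32::NetAdmin::GetDomainController (the only writable SAM in an NT4 domain), and sets UF_ACCOUNTDISABLE on each account while keeping the other flag bits. The -n (dry run) switch and the -d domain switch are this example's own invention. It assumes it is run with domain-admin rights and that passing the attribute values returned by UserGetAttributes straight back to UserSetAttributes leaves the password untouched; verify that on a test account with -n and then for real before pointing it at production accounts.

```perl
#!/usr/bin/perl -w
# Added example: disable the accounts reported by the usrstat filter script.
# Not the list poster's code. Assumes domain-admin rights on the PDC.
use strict;
use Getopt::Std;
use Win32;
use Win32::NetAdmin qw( GetDomainController UserGetAttributes
                        UserSetAttributes UF_ACCOUNTDISABLE );

my %opt;
getopts( 'nd:', \%opt );            # -n = dry run, -d DOMAIN (both hypothetical switches)
my $dryrun = $opt{n};
my $domain = defined $opt{d} ? $opt{d} : '';   # '' = this machine's own domain

# Writes must go to the PDC; BDCs hold read-only copies of the SAM.
my $pdc;
GetDomainController( '', $domain, $pdc )
    or die "Can't locate the PDC: ", Win32::FormatMessage( Win32::GetLastError() ), "\n";

my ( $done, $skipped, $failed ) = ( 0, 0, 0 );
while ( my $line = <> ) {
    # Only act on the filter script's report lines; ignore its summary line.
    next unless $line =~ /^(\S+) hasn't logged in for \d+ days/;
    my $uname = $1;

    # Read the current attributes so we change nothing but the disable bit.
    my ( $password, $passwordAge, $privilege, $homeDir, $comment, $flags, $scriptPath );
    unless ( UserGetAttributes( $pdc, $uname, $password, $passwordAge, $privilege,
                                $homeDir, $comment, $flags, $scriptPath ) ) {
        warn "$uname: can't read attributes: ", Win32::FormatMessage( Win32::GetLastError() );
        $failed++;
        next;
    }

    if ( $flags & UF_ACCOUNTDISABLE ) {
        print "$uname is already disabled, skipping\n";
        $skipped++;
        next;
    }
    $flags |= UF_ACCOUNTDISABLE;     # keep every other UF_* bit as it was

    if ( $dryrun ) {
        print "would disable $uname on $pdc\n";
        $done++;
        next;
    }

    # Assumption: handing back the values UserGetAttributes returned, with
    # only $flags changed, leaves the password and other fields unchanged.
    if ( UserSetAttributes( $pdc, $uname, $password, $passwordAge, $privilege,
                            $homeDir, $comment, $flags, $scriptPath ) ) {
        print "disabled $uname on $pdc\n";
        $done++;
    }
    else {
        warn "$uname: disable failed: ", Win32::FormatMessage( Win32::GetLastError() );
        $failed++;
    }
}
print "done: $done disabled, $skipped already disabled, $failed failed\n";
```

Typical use is `perl sortusers.pl new7.txt | perl disable.pl -n` to review the list, then the same pipeline without `-n`. Accounts the filter script reports because usrstat shows "never" on every DC include service and built-in accounts that have never done an interactive logon, so the report is worth a glance before the disable run.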
"Grant Hopwood" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
07/12/01 09:18 AM

To: <[EMAIL PROTECTED]>
cc: <[EMAIL PROTECTED]>
Subject: RE: WIN32::NetAdmin - Disabling an account through PERL
-start-
> "Kirk W. Batzer" <[EMAIL PROTECTED]>
>at 07/11/2001 09:26 PM
>Wrote:
>If you have more than one "Domain Controller", such as a PDC with one or
>more BDCs, the "Last-Logon date" for a user account does not
>necessarily reflect the last time the user logged on. You need to check
>the "Last logon date" on each domain controller. The Last Logon Date is
>not replicated to the other domain controllers. A user can be Logon
>authenticated by any domain controller.
>You need to poll each domain controller. You can set this up through the
>Scheduler to run daily and poll each DC and load the results into a DB.
>The DB insert criteria can use the most recent "Last Logon Date"
Yes. That is what usrstat.exe does.
>Also, if a user doesn't logon, yet accesses resources in the Domain, the
>Last logon Date is not updated on any of the domain controllers. This
>can happen if a user uses a local machine logon account, yet access
>domain resources by supplying credentials of a domain account. This can
>be done to access exchange email or LAN shares without performing a
>domain logon.
>This is also a way of circumventing domain logon scripts. Nasty things.
This is the exact reason for the second solution I provided. We have
strict security guidelines. There is no reason someone on our network
should be circumventing a network login or accessing resources without
logging in. Their account is disabled after xx amount of days with no
exceptions, and deleted after yy amount of days.
>Also, Win98, WinME and other W9x may not always use a domain logon to
>access domain resources. This depends on how they set up their windows
>accounts.
We don't use win98x.
>Therefore, using the Last Logon Date alone, is not a foolproof way to
>determine if an NT/W2K Domain account is being used or not.
Grant Hopwood.
Valero Energy Corp.
(210)370-2380
PGP Public Key: Ldap://certserver.pgp.com
nuclear iraq bioweapon encryption cocaine korea terrorist
_______________________________________________
Perl-Win32-Admin mailing list
[EMAIL PROTECTED]
http://listserv.ActiveState.com/mailman/listinfo/perl-win32-admin
