Vbscript runas for validating credentials
I found a Windows KB article that mentioned Force Guest settings in the registry.If Force Guest is set to 1 ( force it), if the guest account is disabled, nothing will validate.
• If the Guest account is disabled, an SSPI logon will fail even for valid credentials.If the guest account is enabled, anything will validate.If you set Force Guest to 0, then SSPLogon will act as expected.To use this method on Windows 95, Windows 98, and Windows Millennium Edition, you also have to enable the NTLM security services by opening Control Panel, Network, Access Control, and then selecting User-level access control.On Windows XP, the Force Guest registry value is set to 1 by default in the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\Current Control Set\Control\Lsa On a Windows XP computer that is a member of a workgroup: • If Force Guest is enabled (set to 1), SSPI will always try to log on using the Guest account.Filter = Array("group") For Each obj Group In col Groups Wscript. SSPLogon would say machine, user, password combonation was invalid, even though I knew them to be correct.
Also of interest, on another machine SSPLogon would accept any entry as valid regardless of its accuracy.
[HKEY_LOCAL_MACHINE\SYSTEM\Current Control Set\Control\Lsa] "forceguest"=dword:00000000 On my Win2k3 box the registry key is present and it is set to 0 (zero).
I found a Windows KB article "Q180548" that mentioned Force Guest settings in the registry.
scid=kb;en-us; Q180548 How To Validate User Credentials from Visual Basic by Using SSPI
* Must be used with option /USER, /GROUPS, /PRIV or/LOGONID Samples are as follows: WHOAMI WHOAMI /ALL WHOAMI /USER /SID WHOAMI /GROUPS WHOAMI /GROUPS /NOVERBOSE WHOAMI /USER /GROUPS /SID WHOAMI /PRIV /NOVERBOSE WHOAMI /USER /GROUPS /PRIV WHOAMI /HELP How To Validate User Credentials on Microsoft Operating Systems
I have been using the chklogon utility I picked up on Install Site, but it doesn't seem to work on XP or 2003, or if the credentials supplied are for a domain account and not a local account. Any further advice to offer (sorry for being such a leech). Make sure you have the correct computername, correct username and password, and that it is a local account. computername username password To detect if a user has admin rights, you can check to see if the user belongs to the group "BUILTIN\Administrators" Try porting the scripts below to Install Script code. I've been trying to use the scripting suggestions, but the script fails (trips a fatal error) when trying to run the project.