|
Introduction
As the desire and need for the Internet grew, Microsoft created new products and modified its old ones. Windows OS required features that gave developers and administrators the option to perform tasks remotely. Microsoft responded in part with Active Directory Services Interface (ADSI). ADSI provides a single set of directory interfaces for accessing and managing network resources. So for instance, an administrator could change user permissions or add a user to a network, independent of network environment, using a Web interface or a VB program.
Caveat
Please keep in mind that you are going to modify the basics of the Windows NT security model. You should be very alert when dealing with ADSI. Keep in mind that a simple mistype could mean reformatting and reinstalling your system. Don't do it on a operational machine! Please know that I have tried to make the following code as accurate as possible. Yet I can't guarantee their outcome. So please don't just copy and paste. I know it is very attractive, but it could cause you to spend the next couple of hours looking at a very appealing Windows installation screen.
Windows Security Account Manager
The Security Account Manager (SAM) is the portion of Windows which registers and holds all user information and knows all the default configuration settings. Our first meeting with SAM entails the process of creating a user. This applies to Windows 2000 as well as Windows NT 4.0.
NOTE: In order for the following code to work, administrator rights are required.
Adding A User to The SAM
<%
1. AddUser "newuser","mydomain"
2.
3. Sub AddUser(strUser,strDomain)
4. Dim Computer
5. Dim User
6.
7. Set Computer = Getobject("WinNT://" & strDomain)
8. Set User = computer.create("User",strUser)
9. User.setinfo
10.
11. Set User = nothing
12. Set computer = nothing
13. End sub
%>
This code can be activated by calling it anywhere in the ASP page (line 1). Also, make sure to spell winnt like the example given in line 7. ADSI is very case sensitive and will refuse to work if you spell it differently. As you can see there are no attributes given; this user is created without a password. Let's do something about that.
<%
1. AddUser "newuser","mydomain","New user","adsi","Our best employee"
2.
3. Sub AddUser(strUser,strDomain,strFullname,strPassword,strDesc)
4. Dim Computer
5. Dim User
6.
7. Set Computer = Getobject("WinNT://" & strDomain)
8. Set User = computer.create("User",strUser)
8. User.fullname = strFullname
9. User.Description = strDesc
10. call User.SetPassword(strPassword)
11. User.setinfo
12.
13. Set User = nothing
14. Set computer = nothing
15. End sub
%>
As you can see, I added more than just a password. I also added the fullname and the description. These aren't really important if you have a system with 5 users, but large corporations usually have a policy about that. Please be advised that the above code is for adding a new user. I will cover modifying an existing user in a future article. The problem about ADSI is that you can't guess the code. It's not as easy as only punching up user.[attribute_name].
Next stop is the userflags. These control options such as "Password Never Expires" and "Account Disabled".
<%
1. UserFlags "newuser","mydomain",0,False,True,True,True
2.
3. Sub UserFlags(strUser,strDomain,strPassexpires,strNochange,strNoexpire, & _
strDisable,strLocked)
4. Dim User
5. Dim Flags
6.
7. Set User = Getobject("WinNT://" & strDomain & "/" & strUser & ",user")
8. Flags = User.Get("UserFlags")
9.
10. User.put "PasswordExpired",strPassexpires
11. User.Accountdisabled = strDisable
12. if strNochange = "true" then
13. User.put "UserFlags", Flags OR &H00040
14. End if
15. If strNoexpire = "true" then
16. User.put "Userflags", flags OR &H10000
17. end if
18. User.IsAccountLocked = strLocked
19.
20. Set User = nothing
21. End sub
%>
In the example above I gave my new user some restrictions. The outcome of this subroutine is that my new user will have a valid password (password isn't expired because it's set on 0. If you change it to 1, the password isn't valid anymore. If the password is expired, the user will be forced to change it at the next login). He will be unable to change his own password; his password will never expire; and his account is disabled and locked. In order to change, this you should modify the subroutine call.
So now we have a new user with all the default settings. Maybe this is enough for your home situation, but many companies want to set more boundaries for their users. Also, a lot of companies have the personal settings of their users stored on a separate network drive. ADSI allows you to make sure your new users have the same configuration as every other employee.
<%
1. userconfig "newuser","mydomain","c:\myprofiles\","myscript.cmd","c:\","z:\", & _
#mm/dd/yyyy#,"true"
2.
3. sub userconfig(strUser,strDomain,strProfile,strScript,strHomedir, & _
strHomedirdrive,strAccountexpire,strPassrequired)
4. Dim User
5. Dim Flags
6.
7. Set User = Getobject("WinNT://" & strDomain & "/" & strUser & ",user")
8.
9. User.Profile = strProfile
10. User.LoginScript = strScript
11. User.Homedirectory = strHomedir
12. User.Put("HomeDirDrive"),strHomedirdrive
13. User.AccountExpirationDate = strAccountexpire
14. User.Passwordrequired = strPassrequired
15.
16. Set User = nothing
17. end sub
%>
Now we have all the information we need to make a new user. I'm not going to explain these options because if you don't know them, you don't need to use them. The three subroutines we created can be used perfectly in combination with each other (see below). Remember, please test on a non-operational system first!
Look out for little mistakes and adjust the code so it applies to your situation. Just in case: I cannot be held responsible for any damage that could occur before, during or after implementing and using this code.
<%
1. AddUser "newuser","mydomain","New user","adsi","Our best employee"
2. UserFlags "newuser","mydomain",0,False,True,True,True
3. userconfig "newuser","mydomain","c:\myprofiles\","myscript.cmd","c:\","z:\", & _
#mm/dd/yyyy#,"true"
4.
5.
6. Sub AddUser(strUser,strDomain,strFullname,strPassword,strDesc)
7. Dim Computer,User
8. Set Computer = Getobject("WinNT://" & strDomain)
9. Set User = computer.create("User",strUser)
10. User.fullname = strFullname
11. User.Description = strDesc
12. call User.SetPassword(strPassword)
13. User.setinfo
14.
15. Set User = nothing
16. Set computer = nothing
17. End sub
18.
19. Sub UserFlags(strUser,strDomain,strPassexpires,strNochange,strNoexpire, & _
strDisable,strLocked)
20. Dim User,Flags
21. Set User = Getobject("WinNT://" & strDomain & "/" & strUser & ",user")
22. Flags = User.Get("UserFlags")
23. User.put "PasswordExpired",strPassexpires
24. User.Accountdisabled = strDisable
25. if strNochange = "true" then
26. User.put "UserFlags", Flags OR &H00040
27. End if
28. If strNoexpire = "true" then
29. User.put "Userflags", flags OR &H10000
30. end if
31. User.IsAccountLocked = strLocked
32.
33. Set User = nothing
34. End sub
35.
36. Sub userconfig(strUser,strDomain,strProfile,strScript,strHomedir, & _
strHomedirdrive,strAccountexpire,strPassrequired)
37. Dim User,Flags
38. Set User = Getobject("WinNT://" & strDomain & "/" & strUser & ",user")
39. User.Profile = strProfile
40. User.LoginScript = strScript
41. User.Homedirectory = strHomedir
42. User.Put("HomeDirDrive"),strHomedirdrive
43. User.AccountExpirationDate = strAccountexpire
44. User.Passwordrequired = strPassrequired
45.
46. Set User = nothing
47. End sub
%>
About the Author
Remie Bolte is a student at communicatiesystemen in the Netherlands. He has experience with VB, ASP, VBScript and SQL. His goal in life is to clean up the Internet and show people how it can benefit their needs. Remie can be reached at r.bolte@vinrem.nl.
|
