Ubuntu OpenVPN Instanz unter AWS einrichten (Step-by-Step)
18. Dezember 2018Internetzugriff für AWS Instanzen gefällig?
28. Dezember 2018Skriptgesteuert unberechtigte Benutzer aus lokaler Admingruppe entfernen
Wer unabhängig von Gruppenrichtlinien unberechtigte Benutzer aus der lokale Adminigruppe entfernen möchte, benötigt ein Skript oder eine Anwendung die diese Funktionalität bereitstellt. Unser VBS Skript RemoveUnauthorizedMembers setzt keine Active Directory Mitgliedschaft voraus und kann individuell eingesetzt und nach den eigenen Vorgaben angepasst werden.
Code
Inhalt
AnleitungCode
Ressourcen
RemoveUnauthorizedMembers.zipAnleitung
Schriit 1: Ausnahmen zur exclusions.ini hinzufügen
Schritt 2: Test Konto zur lokalen Admingruppe hinzufügen
Schritt 3: Skript mit erhöhten Admin Rechten ausführen "cscript removeauthorizedusers.vbs force":
Schritt 4: Kontrolle der lokalen Admingruppe - Test Konto wurde entfernt!
Schritt 5: ...und das Eventlog überprüfen
Code
Exclusion.ini
; EXCLUSION File ; definiert die Ausnahmen, Gruppen oder einzelne Benutzer, ; die nicht aus der lokalen Administratorengruppe entfernt werden sollen ; ; unter ; [GLOBAL] - Ausschlüsse gelten für alle Maschinen ; [HOSTNAME] - Ausschlüsse gelten zusätzlich nur für die definierte Maschine [GLOBAL] EXCLUDE=Administrator;admin [COMPUTERNAME] EXCLUDE=
RemoveUnauthorizedUsers.vbs
On Error Resume Next
Const ExclusionListINI = "exclusions.ini" '!!!!EXCLUSION LIST Path and Filename
Const ForReading = 1, ForWriting = 2, ForAppending = 8
Const TristateTrue = -1
Const TristateFalse = 0
Const EVENT_SUCCESS = 0
Const EVENT_ERROR = 1
Const EVENT_WARNING = 2
Set objArgs = WScript.Arguments
strArgument = LCase(objArgs(0))
If objArgs.count > 1 Then
wsh.echo "Main: Wrong number of command line parameters provided. Exiting Script..."
WScript.Quit
End If
Select Case UCase(strArgument)
Case "FORCE"
If (FileExists(ExclusionListINI)=0) Then
DeleteUnauthorizedAdminMembers(ExclusionListINI)
Else
CreateEventLog "RemoveUnauthorizedMembers: missing exclusion file: "&ExclusionListINI&"! No members were removed", EVENT_ERROR
wsh.echo "Exclusionfile not found. Aborting script ..."
End If
WScript.Quit
Case Else
wsh.echo "Main: Unknown or no action provided "
wsh.echo "type ""RemoveUnauthorizedMembers force"" to start script"
WScript.Quit
End Select
Sub DeleteUnauthorizedAdminMembers(ByRef ExclusionFile)
'/////////////////////////////////////////////////
'// Removes all members in local admin group with
'// no definition in Exclusion List
Dim objINIDict,arrKeys,strSection
Set objINIDict = INItoDict (ExclusionFile, "INI")
arrExclusionList = objINIDict.Keys
For y = 0 To Ubound(arrExclusionList)
strSection=arrExclusionList(y)
if (UCase(strSection) = UCase(GetComputerName)) Then
strExclusions = objINIDict.Item(strSection).Item("EXCLUDE").Value
Exit For
End If
Next
arrExclusions = Split(strExclusions, ";")
sAdmGrpName = GetAdminGroupName
arrLocalAdmGroup = ListLocalGroupMembers(sAdmGrpName)
arrGlobal = Split(objINIDict.Item("GLOBAL").Item("EXCLUDE").Value,";")
arrA = SortArray(arrLocalAdmGroup)
arrB = SortArray(arrExclusions)
arrC = SortArray(arrGlobal)
For i = 0 to UBound(arrA)
For x = 0 to UBound(arrC)
For j = 0 to UBound(arrB)
hExists = False
if (UCase(arrA(i)) = UCase(arrB(j))) Then
hExists = True
Exit For
End If
Next
hExists = False
If (UCase(arrA(i)) = UCase(arrC(x))) Then
hExists = True
Exit For
End If
Next
If not hExists Then
If arrA(i) <> "" Then
DeleteGroupMember sAdmGrpName,arrA(i)
End If
End If
Next
End Sub
Sub CreateEventLog(ByRef Message,ByRef ErrCode)
'/////////////////////////////////////////
'// Creates an EventLog entry
Set objShell = Wscript.CreateObject("Wscript.Shell")
objShell.LogEvent ErrCode, Message
End Sub
Function FileExists(Fname)
'/////////////////////////////////////
'// check if file really exists
Set fs = CreateObject("Scripting.FileSystemObject")
if fs.FileExists(Fname) = False then
FileExists = -1
else
FileExists = 0
end if
Set fs = Nothing
end Function
Function GetComputerName
'////////////////////////////////////////
'// Returns current computername
Set objWSHNetwork = CreateObject("WScript.Network")
GetComputerName = objWSHNetwork.ComputerName
End Function
Function GetAdminGroupName
'//////////////////////////////////////////////////////////
'// Returns name of local administrators group
Set computer = GetObject("WinNT://.")
computer.Filter = Array("group")
For Each group in computer
if (UCase(group.name)="ADMINISTRATOREN") Then GetAdminGroupName = "Administratoren"
if (UCase(group.name)="ADMINISTRATORS") Then GetAdminGroupName = "Administrators" End If
Next
End Function
Function ListLocalGroupMembers(ByRef GroupName)
'///////////////////////////////////////////////////
'// Returns all members in GroupName
Set computer = GetObject("WinNT://.")
Set group = computer.GetObject("group",GroupName)
For Each user in group.Members
arrList = arrList&UCase(user.Name)&";"
Next
arrList = Split(arrList, ";")
ListLocalGroupMembers = arrList
End Function
Sub DeleteGroupMember(ByRef GroupName, ByRef ObjToDel)
'///////////////////////////////////////////////////////
'// removes an object in Groupname and creates
'// Eventlog entry
On Error Resume Next
set oGroupAdm = GetObject("WinNT://./"&GroupName)
For Each oAdmGrpUser In oGroupAdm.Members
sAdmGrpUser = lCase(oAdmGrpUser.Name)
if (sAdmGrpUser = lCase(ObjToDel)) Then
oGroupAdm.Remove oAdmGrpUser.ADsPath
If (Err.Number<>0) Then
CreateEventLog "RemoveUnauthorizedMembers("&Err.Number&"): Could not remove "&objToDel&" from group "&GroupName,EVENT_WARNING
wsh.echo Err.Number&" Could not remove "&objToDel&" from group "&GroupName
Else
CreateEventLog "RemoveUnauthorizedMembers: "&objToDel&" succesfully removed from "&GroupName&" group.",EVENT_SUCCESS
wsh.echo objToDel&" succesfully removed from "&GroupName&" group."
End If
Err.Clear
End If
Next
End Sub
Function SortArray(arrSort)
'///////////////////////////////////
'// sorts an array
For i = 0 to Ubound(arrSort)
arrSort(i)= StringToBin(arrSort(i))
Next
arrSorted = bubblesort(arrSort)
For j = 0 to UBound(arrSorted)
arrSort(j)=BinToString(arrSorted(j))
Next
SortArray=arrSort
End Function
function bubblesort(arrSortieren)
'//////////////////////////////////////////
'// bubble sort algorithm
for i = 0 to ubound(arrSortieren)
for j = i + 1 to ubound(arrSortieren)
if arrSortieren(i) > arrSortieren(j) then
arrTemp = arrSortieren(i)
arrSortieren(i) = arrSortieren(j)
arrSortieren(j) = arrTemp
end if
next
next
bubblesort = arrSortieren
end function
Function StringToBin(str)
'////////////////////////////////////
'// Converts a string to bin
Dim result, x
StringToBin = ""
If Len(str)=0 Then Exit Function
If Len(str)=1 Then
result = Asc(Mid(str, 1, 1))
StringToBin = Left("000", 3-Len(CStr(result))) & CStr(result)
Exit Function
End If
result = ""
For x=1 To Len(str)
result = result & StringToBin(Mid(str, x, 1))
Next
StringToBin = result
End Function
Function BinToString(str)
'//////////////////////////////////
'// Converts bin code to string
Dim result, x
BinToString = ""
If Len(str)<3 Then Exit Function
If Len(str)=3 Then
BinToString = Chr(CInt(str))
Exit Function
End If
result = ""
For x=1 To Len(str) Step 3
result = result & BinToString(Mid(str, x, 3))
Next
BinToString = result
End Function
'///////////////////////////////////////////////////////////////////////////////
'/ "ParseINItoDict" reads a complete INI file and adds content to a dictionary object
'/ ----------------------------------------------
Function INItoDict(ByVal strIniFilePath,ByVal strIdent)
Dim ParseAINI, blnFoundSection, strSection, objFSO
Dim intEquals, sKey, sVal, i, sLine, tsIni, tsTest, objINIEntry
'On Error Resume Next
Set objFSO = CreateObject("Scripting.FileSystemObject")
blnFoundSection = False
If IsEmpty(strIdent) Then
strIdent = ""
End If
Err.Clear
If objFSO.FileExists(strIniFilePath) Then
Set tsTest = objFSO.OpenTextFile(strIniFilePath)
Set INItoDict = CreateObject("Scripting.Dictionary")
If Not tsTest.AtEndOfStream Then
sLine = tsTest.ReadLine
tsTest.Close
If IsUnicode(sLine) = vbTrue Then
Set tsIni = objFSO.OpenTextFile(strIniFilePath,ForReading,vbFalse,TristateTrue)
Else
Set tsIni = objFSO.OpenTextFile(strIniFilePath,ForReading,vbFalse,TristateFalse)
End If
Else
Exit Function
End If
Do While Not tsIni.AtEndOfStream
sLine = ""
sLine = Trim(tsIni.ReadLine)
If sLine <> "" Then
If Left(sLine,1) <> ";" Then
If Left(sLine,1) = "[" Then
blnFoundSection = True
strSection = Left(sLine, Len(sLine) - 1)
strSection = Right(strSection, Len(strSection) - 1)
Set ParseAINI = CreateObject("Scripting.Dictionary")
INItoDict.Add UCase(strSection), ParseAINI
Else
'key and value logic
intEquals = InStr(1, sLine, "=")
If (intEquals <= 1) Then
'line is invalid => skip
Else
'line is invalid
sKey = Replace(Left(sLine, intEquals - 1),vbTab,"")
sVal = Replace(Right(sLine, Len(sLine) - intEquals),vbTab,"")
Set objINIEntry = New INIEntry
objINIEntry.Name = LCase(sKey)
objINIEntry.Value = Trim(sVal)
objINIEntry.OU = strIdent
objINIEntry.SourcePath = strIniFilePath
Err.Clear
ParseAINI.Add Trim(UCase(sKey)), objINIEntry
If Err.Number <> 0 Then
End If
End If
End If
End If
End If
Loop
tsIni.Close
Set tsIni = Nothing
If blnFoundSection = False Then
Set INItoDict = CreateObject("Scripting.Dictionary")
End If
Else
Set INItoDict = CreateObject("Scripting.Dictionary")
End If
End Function
Function IsUnicode(stringValue)
IsUnicode = False
If Left(stringValue,2)="ÿþ" Then
IsUnicode = True
End If
End Function
Class INIEntry
Public Name
Public Value
Public OU
Public SourcePath
End Class
