
Skriptgesteuert unberechtigte Benutzer aus lokaler Admingruppe entfernen

Wer unabhängig von Gruppenrichtlinien unberechtigte Benutzer aus der lokalen Admingruppe entfernen möchte, benötigt ein Skript oder eine Anwendung, die diese Funktionalität bereitstellt. Unser VBS-Skript RemoveUnauthorizedMembers setzt keine Active-Directory-Mitgliedschaft voraus und kann individuell eingesetzt und nach den eigenen Vorgaben angepasst werden. Erlaubte Konten werden in einer Ausnahmedatei (exclusions.ini) gepflegt und anhand des Kontonamens (nicht der SID) abgeglichen; alle übrigen Mitglieder der lokalen Admingruppe werden entfernt, und jede Entfernung wird im Eventlog protokolliert.

Inhalt

Anleitung
Code

Ressourcen

RemoveUnauthorizedMembers.zip

Anleitung


Schritt 1: Ausnahmen zur exclusions.ini hinzufügen (der Dateiname ist im Skript als Konstante ExclusionListINI hinterlegt und muss exakt so lauten)

Schritt 2: Test Konto zur lokalen Admingruppe hinzufügen

Schritt 3: Skript mit erhöhten Rechten (als Administrator) ausführen: "cscript RemoveUnauthorizedUsers.vbs force". Skript und exclusions.ini im selben Verzeichnis ablegen und das Kommando aus diesem Verzeichnis heraus starten, da das Skript die Ausnahmedatei über einen relativen Pfad sucht. Fehlt die Datei, wird nichts entfernt und ein Fehler ins Eventlog geschrieben.

Schritt 4: Kontrolle der lokalen Admingruppe - Test Konto wurde entfernt!

Schritt 5: ...und das Eventlog überprüfen – das Skript protokolliert jede erfolgreiche und jede fehlgeschlagene Entfernung sowie eine fehlende Ausnahmedatei über WScript.Shell.LogEvent.

Code

exclusions.ini (der Dateiname muss mit der Konstante ExclusionListINI im Skript übereinstimmen)
; EXCLUSION File
; defines the exceptions - groups or single users - that must NOT be
; removed from the local Administrators group
;
; Sections:
;  [GLOBAL]         - exclusions that apply on every machine
;  [<COMPUTERNAME>] - exclusions intended to apply additionally only on the
;                     machine with that name (replace COMPUTERNAME with the
;                     real host name; the script compares the section name
;                     with the computer name case-insensitively)
;
; Notes:
;  - entries are separated by ';' and matched case-insensitively against the
;    member name as listed in the group, not against a SID
;  - "Administrator" keeps the built-in administrator account; "admin" is only
;    an example entry and should be removed if no such account is intended
;  - save the file as ANSI or UTF-16LE: the parser only recognises the
;    UTF-16LE byte-order mark, a UTF-8 BOM would be glued to "[GLOBAL]" and
;    the section would not be found
;  - anyone who can edit this file can exempt an account from removal, so
;    keep it writable by administrators only

[GLOBAL]
EXCLUDE=Administrator;admin
[COMPUTERNAME]
EXCLUDE=
RemoveUnauthorizedUsers.vbs
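' RemoveUnauthorizedUsers.vbs - entry point.
' Removes every member of the local Administrators group that is not listed
' in the exclusion file.   Usage: cscript RemoveUnauthorizedUsers.vbs force
'
' Operator notes:
'  * Run elevated; the script has to modify the local Administrators group.
'    Every removal, failed removal and abort is written to the event log
'    (CreateEventLog), so collect that log when the script runs unattended.
'  * The exclusion file decides who is *kept*. It is resolved relative to the
'    script's own directory - not the caller's working directory - so a
'    scheduled task starting in %SystemRoot% still finds the right file.
'    Keep that directory writable by administrators only: whoever can edit
'    exclusions.ini can exempt an account from removal.
'  * Runtime errors are suppressed for this main body (On Error Resume Next);
'    rely on the event log and the exit code rather than console output alone.
On Error Resume Next

Const ExclusionListINI = "exclusions.ini"  '!!!!EXCLUSION LIST  filename, looked up next to the script

Const ForReading = 1, ForWriting = 2, ForAppending = 8
Const TristateTrue = -1
Const TristateFalse = 0 
Const EVENT_SUCCESS = 0
Const EVENT_ERROR   = 1
Const EVENT_WARNING = 2

' Exit codes so a scheduled task / monitoring job can tell the outcomes apart.
Const EXIT_OK = 0
Const EXIT_MISSING_EXCLUSIONS = 1
Const EXIT_USAGE = 2

Set objArgs = WScript.Arguments

' Check the argument count before touching objArgs(0): with no argument at all
' that access raises an error which On Error Resume Next would silently hide.
If objArgs.Count > 1 Then
 wsh.echo "Main: Wrong number of command line parameters provided. Exiting Script..."
 WScript.Quit EXIT_USAGE
End If

strArgument = ""
If objArgs.Count = 1 Then strArgument = LCase(objArgs(0))

' Anchor the exclusion file next to the script (see operator notes above).
Set objFSO = CreateObject("Scripting.FileSystemObject")
strExclusionPath = objFSO.BuildPath(objFSO.GetParentFolderName(WScript.ScriptFullName), ExclusionListINI)
Set objFSO = Nothing

Select Case UCase(strArgument)
 Case "FORCE"
  ' FileExists() returns 0 when the file is present and -1 when it is not.
  If (FileExists(strExclusionPath)=0) Then
   DeleteUnauthorizedAdminMembers(strExclusionPath)
  Else
   CreateEventLog "RemoveUnauthorizedMembers: missing exclusion file: "&strExclusionPath&"! No members were removed", EVENT_ERROR
   wsh.echo "Exclusionfile not found. Aborting script ..."
   WScript.Quit EXIT_MISSING_EXCLUSIONS
  End If
  WScript.Quit EXIT_OK
 Case Else
  wsh.echo "Main: Unknown or no action provided "
  wsh.echo "type ""RemoveUnauthorizedMembers force"" to start script"
  WScript.Quit EXIT_USAGE
End Select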

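Sub DeleteUnauthorizedAdminMembers(ByRef ExclusionFile)
'/////////////////////////////////////////////////
'// Removes all members in local admin group with
'// no definition in Exclusion List
'//
'// ExclusionFile: path of the INI file parsed by INItoDict. Names under
'//   [GLOBAL] EXCLUDE= apply everywhere; names under [<COMPUTERNAME>] EXCLUDE=
'//   apply on this host only. Entries are ';'-separated and compared
'//   case-insensitively with the member *name* returned by the WinNT
'//   provider (not with a SID), so any account carrying an excluded name
'//   is kept.
'//
'// Fail-safe: when the file yields no usable [GLOBAL] EXCLUDE entry, or the
'// administrators group cannot be resolved, nothing is removed and an error
'// is logged. The previous version left its "excluded" flag unset/False in
'// such cases and could remove every member. It also reset the flag right
'// after scanning the host-specific list, so [<COMPUTERNAME>] exclusions were
'// never honoured; both lists are now merged into one lookup table.

 Dim objINIDict, objExclusions, objSection, arrMembers, sAdmGrpName
 Dim strHost, strSectionName, strEntry, strName, strMember, blnHaveGlobal

 ' Case-insensitive lookup table of every excluded name (global + host-specific).
 Set objExclusions = CreateObject("Scripting.Dictionary")
 objExclusions.CompareMode = 1   ' vbTextCompare

 Set objINIDict = INItoDict(ExclusionFile, "INI")
 If Not IsObject(objINIDict) Then
  CreateEventLog "RemoveUnauthorizedMembers: could not parse exclusion file "&ExclusionFile&"! No members were removed", EVENT_ERROR
  wsh.echo "Could not parse exclusion file. Aborting ..."
  Exit Sub
 End If

 strHost = UCase(GetComputerName)
 blnHaveGlobal = False

 ' INItoDict stores section names upper-cased and key names upper-cased/trimmed.
 For Each strSectionName In objINIDict.Keys
  If strSectionName = "GLOBAL" Or strSectionName = strHost Then
   Set objSection = objINIDict.Item(strSectionName)
   If objSection.Exists("EXCLUDE") Then
    For Each strEntry In Split(objSection.Item("EXCLUDE").Value, ";")
     strName = Trim(strEntry)
     If strName <> "" Then
      If Not objExclusions.Exists(strName) Then objExclusions.Add strName, True
      If strSectionName = "GLOBAL" Then blnHaveGlobal = True
     End If
    Next
   End If
  End If
 Next

 If Not blnHaveGlobal Then
  CreateEventLog "RemoveUnauthorizedMembers: no [GLOBAL] EXCLUDE entries found in "&ExclusionFile&"! No members were removed", EVENT_ERROR
  wsh.echo "No [GLOBAL] EXCLUDE entries found in exclusion file. Aborting ..."
  Exit Sub
 End If

 sAdmGrpName = GetAdminGroupName
 If sAdmGrpName = "" Then
  CreateEventLog "RemoveUnauthorizedMembers: local administrators group not found! No members were removed", EVENT_ERROR
  wsh.echo "Local administrators group not found. Aborting ..."
  Exit Sub
 End If

 arrMembers = ListLocalGroupMembers(sAdmGrpName)
 For Each strMember In arrMembers
  ' ListLocalGroupMembers yields a trailing empty element; never act on it.
  If strMember <> "" Then
   If Not objExclusions.Exists(strMember) Then
    DeleteGroupMember sAdmGrpName, strMember
   End If
  End If
 Next
End Sub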

Sub CreateEventLog(ByRef Message,ByRef ErrCode)
'/////////////////////////////////////////
'// Writes Message to the Windows event log through WScript.Shell.LogEvent.
'// ErrCode is the LogEvent event type (EVENT_SUCCESS / EVENT_ERROR /
'// EVENT_WARNING as defined at the top of the script). Every removal,
'// failed removal and abort of this script is reported here, so this is
'// the audit trail to collect or forward when the script runs unattended.

 Dim objWshShell
 Set objWshShell = CreateObject("Wscript.Shell")
 objWshShell.LogEvent ErrCode, Message
 Set objWshShell = Nothing
End Sub

Function FileExists(Fname)
'/////////////////////////////////////
'// Returns 0 when the file Fname exists and -1 when it does not.
'// NOTE: this is the inverse of the usual boolean convention - callers test
'// for "= 0" to mean "file present" (see the FORCE branch of the main script).

 Dim objFSO
 Set objFSO = CreateObject("Scripting.FileSystemObject")

 FileExists = -1
 If objFSO.FileExists(Fname) Then FileExists = 0

 Set objFSO = Nothing
End Function

Function GetComputerName
'////////////////////////////////////////
'// Returns the name of the local computer as reported by WScript.Network.
'// DeleteUnauthorizedAdminMembers compares it (case-insensitively) with
'// the section names of the exclusion file.

 Dim objNet
 Set objNet = CreateObject("WScript.Network")
 GetComputerName = objNet.ComputerName
 Set objNet = Nothing
End Function

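Function GetAdminGroupName
'//////////////////////////////////////////////////////////
'// Returns name of local administrators group
'//
'// The group is resolved by its well-known SID S-1-5-32-544 through WMI
'// (Win32_Group, LocalAccount = TRUE), so the result is correct on any
'// Windows language. If the WMI query yields nothing, the previous scan by
'// localised name ("Administratoren" / "Administrators") is used as a
'// fallback. Returns "" when neither method finds the group - callers must
'// treat that as "abort"; the previous version returned Empty on other
'// locales and the later GetObject on an empty name then failed silently
'// under On Error Resume Next.

 Dim objWMI, colGroups, objGroup, computer, group
 GetAdminGroupName = ""

 On Error Resume Next
 Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
 Set colGroups = objWMI.ExecQuery("SELECT Name FROM Win32_Group WHERE LocalAccount = TRUE AND SID = 'S-1-5-32-544'")
 For Each objGroup In colGroups
  GetAdminGroupName = objGroup.Name
 Next
 Err.Clear
 On Error GoTo 0

 If GetAdminGroupName <> "" Then Exit Function

 ' Fallback: scan the local groups by (localised) display name.
 Set computer = GetObject("WinNT://.")
 computer.Filter = Array("group")
 For Each group In computer
  If UCase(group.Name) = "ADMINISTRATOREN" Then GetAdminGroupName = "Administratoren"
  If UCase(group.Name) = "ADMINISTRATORS" Then GetAdminGroupName = "Administrators"
 Next
End Function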

Function ListLocalGroupMembers(ByRef GroupName)
'///////////////////////////////////////////////////
'// Returns the names of all members of the local group GroupName,
'// upper-cased, as an array with a trailing empty element (the list is
'// built as "A;B;" and then split on ';'). Only the bare Name property of
'// each member is kept - no domain qualifier - so a domain member and a
'// local account of the same name are indistinguishable to the caller.
'// NOTE(review): ';' is assumed never to occur in a member name - confirm
'// for any non-WinNT member objects before relying on the delimiter.

 Dim objComputer, objGroup, objMember, strJoined
 Set objComputer = GetObject("WinNT://.")
 Set objGroup = objComputer.GetObject("group", GroupName)

 strJoined = ""
 For Each objMember In objGroup.Members
  strJoined = strJoined & UCase(objMember.Name) & ";"
 Next

 ListLocalGroupMembers = Split(strJoined, ";")
End Function

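Sub DeleteGroupMember(ByRef GroupName, ByRef ObjToDel)
'///////////////////////////////////////////////////////
'// removes an object in Groupname and creates 
'// Eventlog entry
'//
'// GroupName: local group to modify. ObjToDel: member name, compared
'// case-insensitively with each member's Name property.
'// Fixes vs. the previous version:
'//  * Err is cleared before GetObject and before each Remove, so a stale
'//    error is not reported as a failed removal, and a failing GetObject is
'//    logged instead of silently skipping the whole group.
'//  * Matching ADsPaths are collected first and removed afterwards instead
'//    of calling Remove while the Members collection is being enumerated.
 On Error Resume Next

 Dim oGroupAdm, oAdmGrpUser, strWanted, arrPaths, i

 Err.Clear
 Set oGroupAdm = GetObject("WinNT://./"&GroupName)
 If (Err.Number<>0) Then
  CreateEventLog "RemoveUnauthorizedMembers("&Err.Number&"): Could not open group "&GroupName&" to remove "&ObjToDel,EVENT_WARNING
  wsh.echo Err.Number&" Could not open group "&GroupName
  Err.Clear
  Exit Sub
 End If

 strWanted = LCase(ObjToDel)
 arrPaths = Array()
 For Each oAdmGrpUser In oGroupAdm.Members
  If LCase(oAdmGrpUser.Name) = strWanted Then
   ReDim Preserve arrPaths(UBound(arrPaths) + 1)
   arrPaths(UBound(arrPaths)) = oAdmGrpUser.ADsPath
  End If
 Next

 For i = 0 To UBound(arrPaths)
  Err.Clear
  oGroupAdm.Remove arrPaths(i)
  If (Err.Number<>0) Then
   CreateEventLog "RemoveUnauthorizedMembers("&Err.Number&"): Could not remove "&objToDel&" from group "&GroupName,EVENT_WARNING
   wsh.echo Err.Number&" Could not remove "&objToDel&" from group "&GroupName
  Else
   CreateEventLog "RemoveUnauthorizedMembers: "&objToDel&" succesfully removed from "&GroupName&" group.",EVENT_SUCCESS
   wsh.echo objToDel&" succesfully removed from "&GroupName&" group."
  End If
  Err.Clear
 Next
End Sub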
  
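Function SortArray(arrSort)
'///////////////////////////////////
'// Sorts arrSort in place (arrays are passed by reference) in ascending
'// binary (code-unit) order and returns the same array.
'//
'// The previous version encoded every element with StringToBin, sorted the
'// digit strings and decoded them with BinToString. Besides the needless
'// allocations, that round trip breaks for characters whose Asc() value is
'// not a 0..999 code (it can be negative for DBCS characters): Left() then
'// fails or the decoded text differs, so a member name could be corrupted
'// before it is compared with the exclusion list. For plain ASCII the order
'// produced here is identical to the old one.

 Dim i, j, tmp
 For i = 0 To UBound(arrSort) - 1
  For j = i + 1 To UBound(arrSort)
   ' StrComp(..., 0) = binary comparison, independent of locale settings.
   If StrComp(arrSort(i), arrSort(j), 0) > 0 Then
    tmp = arrSort(i)
    arrSort(i) = arrSort(j)
    arrSort(j) = tmp
   End If
  Next
 Next
 SortArray = arrSort
End Function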

function bubblesort(arrSortieren)
'//////////////////////////////////////////
'// Exchange sort: sorts arrSortieren in place, ascending, using VBScript's
'// default comparison operators, and returns the same array. O(n^2), which
'// is fine for the small arrays (group members / exclusion entries) used here.

 Dim outer, inner, swap
 For outer = 0 To UBound(arrSortieren) - 1
  For inner = outer + 1 To UBound(arrSortieren)
   If Not (arrSortieren(inner) >= arrSortieren(outer)) Then
    swap = arrSortieren(outer)
    arrSortieren(outer) = arrSortieren(inner)
    arrSortieren(inner) = swap
   End If
  Next
 Next
 bubblesort = arrSortieren
end function

Function StringToBin(str)
'////////////////////////////////////
'// Converts a string to bin
'// Encodes each character as its zero-padded 3-digit Asc() value and
'// concatenates them ("AB" -> "065066"); "" -> "". Inverse of BinToString.
'// Note: a code that needs more than 3 characters (Asc() can be negative
'// for DBCS characters, e.g. "-123") makes Left() fail - unchanged behaviour.

        Dim pos, code, encoded
        encoded = ""
        For pos = 1 To Len(str)
                code = CStr(Asc(Mid(str, pos, 1)))
                encoded = encoded & Left("000", 3 - Len(code)) & code
        Next
        StringToBin = encoded
End Function

Function BinToString(str)
'//////////////////////////////////
'// Converts bin code to string
'// Decodes the 3-digit groups produced by StringToBin back into characters
'// ("065066" -> "AB"). Inputs shorter than 3 characters yield ""; a trailing
'// group shorter than 3 digits is ignored.

        Dim pos, chunk, decoded
        decoded = ""
        For pos = 1 To Len(str) Step 3
                chunk = Mid(str, pos, 3)
                If Len(chunk) = 3 Then decoded = decoded & Chr(CInt(chunk))
        Next
        BinToString = decoded
End Function

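'///////////////////////////////////////////////////////////////////////////////
'/ "ParseINItoDict" reads a complete INI file and adds content to a dictionary object
'/ ----------------------------------------------
'/ Returns a Scripting.Dictionary keyed by upper-cased section name; each value
'/ is another Dictionary keyed by the upper-cased, trimmed key name whose items
'/ are INIEntry objects (Name = lower-cased key, Value = trimmed value,
'/ OU = strIdent, SourcePath = strIniFilePath). Blank lines and lines starting
'/ with ';' are skipped. An empty Dictionary is returned when the file is
'/ missing, empty, or contains no section header.
'/
'/ Encoding: the first line is sniffed for a UTF-16LE byte-order mark (see
'/ IsUnicode); anything else is read as ANSI. A UTF-8 BOM is not recognised and
'/ would be glued to "[GLOBAL]", so save the exclusion file as ANSI or UTF-16LE.
'/
'/ Changes vs. the previous version: the probe stream is closed on every path;
'/ a key=value line before the first section header is skipped instead of
'/ raising on an unset section object; a repeated key within a section or a
'/ repeated section header replaces the earlier entry instead of raising
'/ (the raise used to abort parsing without any log entry because the script's
'/ main body runs under On Error Resume Next).
Function INItoDict(ByVal strIniFilePath,ByVal strIdent)

        Dim ParseAINI, blnFoundSection, strSection, objFSO
        Dim intEquals, sKey, sVal, sLine, tsIni, tsTest, objINIEntry

        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set INItoDict = CreateObject("Scripting.Dictionary")
        Set ParseAINI = Nothing

        blnFoundSection = False

        If IsEmpty(strIdent) Then
                strIdent = ""
        End If

        If Not objFSO.FileExists(strIniFilePath) Then
                Exit Function
        End If

        ' Probe the first line for the UTF-16LE BOM, then reopen in the right mode.
        Set tsTest = objFSO.OpenTextFile(strIniFilePath)
        If tsTest.AtEndOfStream Then
                tsTest.Close
                Exit Function
        End If
        sLine = tsTest.ReadLine
        tsTest.Close

        If IsUnicode(sLine) = vbTrue Then
                Set tsIni = objFSO.OpenTextFile(strIniFilePath,ForReading,vbFalse,TristateTrue)
        Else
                Set tsIni = objFSO.OpenTextFile(strIniFilePath,ForReading,vbFalse,TristateFalse)
        End If

        Do While Not tsIni.AtEndOfStream
                sLine = Trim(tsIni.ReadLine)
                If sLine <> "" And Left(sLine,1) <> ";" Then
                        If Left(sLine,1) = "[" Then
                                ' Section header: drop the first and last character, store upper-cased.
                                blnFoundSection = True
                                strSection = UCase(Mid(sLine, 2, Len(sLine) - 2))
                                Set ParseAINI = CreateObject("Scripting.Dictionary")
                                If INItoDict.Exists(strSection) Then INItoDict.Remove strSection
                                INItoDict.Add strSection, ParseAINI
                        ElseIf blnFoundSection Then
                                ' key=value line: '=' must be present and must not be the first character
                                intEquals = InStr(1, sLine, "=")
                                If intEquals > 1 Then
                                        sKey = Replace(Left(sLine, intEquals - 1),vbTab,"")
                                        sVal = Replace(Right(sLine, Len(sLine) - intEquals),vbTab,"")
                                        Set objINIEntry = New INIEntry
                                        objINIEntry.Name = LCase(sKey)
                                        objINIEntry.Value = Trim(sVal)
                                        objINIEntry.OU = strIdent
                                        objINIEntry.SourcePath = strIniFilePath
                                        sKey = Trim(UCase(sKey))
                                        If ParseAINI.Exists(sKey) Then ParseAINI.Remove sKey
                                        ParseAINI.Add sKey, objINIEntry
                                End If
                        End If
                End If
        Loop

        tsIni.Close
        Set tsIni = Nothing

End Function 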

Function IsUnicode(stringValue)
'// Returns True when stringValue starts with "ÿþ" - the bytes FF FE of a
'// UTF-16LE byte-order mark as they appear when the file is read as ANSI
'// text - and False otherwise. INItoDict uses this to choose the stream format.
   If Left(stringValue, 2) = "ÿþ" Then
      IsUnicode = True
   Else
      IsUnicode = False
   End If
End Function

Class INIEntry
' One key=value line of an INI file, as produced by INItoDict.

        Public Name        ' key name, lower-cased
        Public Value       ' value text, trimmed
        Public OU          ' the strIdent passed to INItoDict ("INI" in this script)
        Public SourcePath  ' path of the file the entry was read from

End Class
