
Thread: group policy

  1. #1
    Administrator James's Avatar
    Join Date
    May 2010
    Location
    on the intraweb
    Posts
    3,180

    group policy

    Can someone please explain to me why this isn't working?

    Here is my batch script

    Code:
    @echo off
    
    
    for /f "tokens=1 delims=" %%A in ('"gpresult /v | findstr SEC-"') do ( set secGrp=%%A )
    
    
    IF /i "%secGrp%" == "SEC-Information Systems" echo "You are part of the SEC-Information Systems Group"
    echo %secGrp%
    echo "You are NOT part of the SEC-Information Systems Group"
    pause
    Here is the printout
    SEC-Information Systems
    "You are NOT part of the SEC-Information Systems Group"
    So you can see that I AM part of the group, but for some reason the IF statement is failing and it shouldn't be.

    I tried using EQU instead of "==" and I also tried defining the string above by
    set ISgrp = "SEC-Information Systems"

    and then doing

    Code:
    IF "%secGrp%" EQU "%ISgrp%"
    and

    Code:
    IF "%secGrp%" == "%ISgrp%"
    and I still can't seem to get it to print "You are part of the SEC-Information Systems Group".

    Any ideas?

  2. #2


    Should this:
    IF /i "%secGrp%" == "SEC-Information Systems" echo "You are part of the SEC-Information Systems Group"

    be this: %secGrp% without quotes?
    IF /i %secGrp% == "SEC-Information Systems" echo "You are part of the SEC-Information Systems Group"

  3. #3
    Administrator James's Avatar

    Nah, quotes don't seem to matter. I changed it to this:
    Code:
    @echo off
    
    
    (set ISgrp="SEC-Information Systems")
    
    
    for /f "tokens=*" %%A in ('"gpresult /v | findstr SEC-"') do ( set secGrp=%%A )
    
    
    echo Your security group is %secGrp%
    
    
    if "%secGrp%"=="%ISgrp%"(
    echo You are part of the SEC-Information Systems Group
    ) else (
    echo You are NOT part of the SEC-Information Systems Group
    )
    pause
    And it seems to kinda work, but now it prints both. Here is the output:
    Your security group is SEC-Information Systems
    You are part of the SEC-Information Systems Group
    You are NOT part of the SEC-Information Systems Group
    Press any key to continue . . .

  4. #4


    Sorry, been busy tonight. Did you get it working?

    I think this should work:

    PHP Code:
    if (%secGrp% == %ISgrp%) (
    echo You are part of the SEC-Information Systems Group
    ) else (
    echo You are NOT part of the SEC-Information Systems Group
    )


  5. #5
    Administrator JoTo's Avatar
    Join Date
    May 2010
    Location
    www.scapp.net
    Posts
    1,953


    I'm wondering about the syntax, is it the "(" for all?
    Shouldn't it be:

    Code:
    if (condition) {
        <code to execute>
    }
    else {
        <other code to execute>
    }
    Gamers Network - www.scapp.net

  6. #6


    I'm pretty sure batch files use parens

  7. #7
    Administrator James's Avatar

    Yeah Joto, it confuses me too cause I'm used to C syntax, but it does use parentheses not swirly brackets. haha
    I haven't gotten it to work, I'm considering doing it in C++, but I'm running into syntax problems..
    Code:
    // driveMap.cpp : Defines the entry point for the console application.
    //
    
    
    #include "stdafx.h"
    #include <iostream>
    #include <string>
    #include <algorithm>
    #include <windows.h>
    
    
    using namespace std;
    
    
    string securityGroups[12] = {"SEC-Clinical Services", "SEC-Billing", "SEC-Accounting", "Finance", "Corporate Planning", "SEC-Business Development", "Community Development Dept", "SEC-Community Development", "SEC-Information Systems", "SEC-Human Resources", "Office Services", "President Office"};
    
    
    int _tmain(int argc, _TCHAR* argv[])
    {
    	char Group[512];
    	sprintf_s( Group, sizeof( Group ), "%s", system("gpresult /v | findstr SEC-"));
    
    
    	for(int i = 0; i 
    
    
    /*
    
    
    	for (int i = 0; i < 13; i++)
    	{
    		sprintf_s( Group, sizeof( Group ), "%s", System("gpresult /v | findstr"), r, g, b);
    		lastItem = inventory[i];
    		cerr << inventory[i] << endl << endl;                  
    	}
    */
    
    
    //	Group = System("for /f "tokens=*" %%A in ('"gpresult /v | findstr SEC-"') do ( set secGrp=%%A )");
    	return 0;
    }
    if I use
    Code:
    sprintf_s( Group, sizeof( Group ), "%s", system("for /f "tokens=*" %%A in ('"gpresult /v | findstr SEC-"')"));
    The quotes and stuff mess up the syntax of sprintf_s()... errrrr

    Basically I want to check if a user is part of a specific group in Active Directory and if so, then map a drive specific to that group.
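
An added example, not code from any poster in this thread: the batch version of the check, showing how `set secGrp=%%A )` stores the space before the closing parenthesis (which defeats an exact `==` comparison) and testing membership with `findstr` directly instead. The drive letter and share path are hypothetical placeholders.

```batch
@echo off
setlocal

rem Group to test for, taken from the thread. The quoted form set "name=value"
rem stores neither the quotes nor any stray space after the value.
set "wantGrp=SEC-Information Systems"

rem Hypothetical drive letter and share, placeholders for illustration only.
set "drive=S:"
set "share=\\fileserver.example\infosys"

rem The thread's loop form: the space before ")" becomes part of the value,
rem so an exact == comparison against the group name no longer matches.
for /f "tokens=*" %%A in ("%wantGrp%") do ( set padded=%%A )
echo thread form : [%padded%]

rem Same loop with the quoted assignment: nothing trailing is captured.
for /f "tokens=*" %%A in ("%wantGrp%") do ( set "clean=%%A" )
echo quoted form : [%clean%]

rem Membership test without a variable: every line of the gpresult output is
rem searched, so an account that is in several SEC- groups is still matched.
gpresult /v | findstr /i /c:"%wantGrp%" >nul
if errorlevel 1 (
    echo You are NOT part of the %wantGrp% group
) else (
    echo You are part of the %wantGrp% group
    if not exist %drive%\ net use %drive% "%share%" /persistent:no
)
endlocal
```

`findstr /c:` is a substring match, so a longer group name containing the same text also matches. The check only decides whether to map the drive; access to the share is still governed by the permissions on the share itself.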

  8. #8

  9. #9
    Administrator James's Avatar

    Thanks for the links Joto,

    I have actually "kinda" got something working here, just trying to tweak it.

    Here is what the output is of my current code:

    Group Name: Domain Users
    Group Name: Everyone
    Group Name: Everyone
    Group Name: Administrators
    Group Name: Users
    Group Name: Users
    Group Name: Users
    Group Name: Users
    Group Name: This Organization
    Group Name: This Organization
    Group Name: LOCAL
    Group Name: LOCAL
    Group Name: Domain Admins
    Group Name: Domain Admins
    Group Name: CareCenter Helpdesk
    Group Name: CareCenter Helpdesk
    Group Name: Report Security
    Group Name: AllDocsHost
    Group Name: AllDocsHost
    Group Name: AllDocsHost
    Group Name: SCMDMReadOnlyUsers (CareCenterMDM)
    Group Name: PubFolderAdmin
    Group Name: PubFolderAdmin
    Group Name: PubFolderAdmin
    Group Name: AllDocsAdmin
    Group Name: AllDocsAdmin
    Group Name: SCMDMServerAdmins (CareCenterMDM)
    Group Name: SEC-SharePoint Admins
    Group Name: AllDocsField
    Group Name: AllDocsField
    Group Name: AllDocsField
    Group Name: Recipient Management
    Group Name: Transfers
    Group Name: Transfers
    Group Name: Print-IS
    Group Name: Print-IS
    Group Name: New Hires
    Group Name: New Hires
    Group Name: New Hires
    Group Name: Exchange Recipient Administrators
    Group Name: Exchange Recipient Administrators
    Group Name: Exchange Recipient Administrators
    Group Name: Exchange Recipient Administrators
    Group Name: Medium Mandatory Level
    Here is a list of the Security groups I'm actually part of:
    Domain Users
    Everyone
    Offer Remote Assistance Helpers
    BUILTIN\Administrators
    BUILTIN\Users
    NT AUTHORITY\INTERACTIVE
    CONSOLE LOGON
    NT AUTHORITY\Authenticated Users
    This Organization
    LOCAL
    Allscripts Support
    Domain Admins
    View Desktop with Allscripts
    CareCenter Helpdesk
    Public Folder Management
    Report Security
    AllDocsHost
    SCMDMDeviceSupport (CareCenterMDM)
    SCMDMHelpdeskOperator (CareCenterMDM)
    SCMDMReadOnlyUsers (CareCenterMDM)
    PubFolderAdmin
    AllDocsScanner
    View-Only Organization Management
    AllDocsAdmin
    SCMDMAuthorizedUsers (CareCenterMDM)
    SCMDMServerAdmins (CareCenterMDM)
    SEC-SharePoint Admins
    AllDocsField
    SEC-Information Systems
    SCMDMSecurityAdmins (CareCenterMDM)
    Recipient Management
    Transfers
    Exchange View-Only Administrators
    Print-IS
    Organization Management
    New Hires
    All Users
    Exchange Organization Administrators
    Exchange Recipient Administrators
    SCMDMDeviceAdmins (CareCenterMDM)
    Exchange Public Folder Administrators
    Denied RODC Password Replication Group
    High Mandatory Level
    You can see that some are printed multiple times and others aren't printed at all. I'm not sure why that's happening. Here is my current code:
    Code:
    // driveMap.cpp : Defines the entry point for the console application.
    //
    
    
    #include "stdafx.h"
    #include <iostream>
    #include <string>
    #include <algorithm>
    #include <windows.h>
    #include <atlstr.h>
    
    
    int _tmain(int argc, _TCHAR* argv[])
    {
    	BOOL bAccessAllowed;
    	HANDLE hToken;
    	TOKEN_GROUPS *ptg = NULL;
    	DWORD dwSize;
    	DWORD dwGroup;
    	SID_NAME_USE SidType;
    
    
    	// First we must open a handle to the access token for this thread.
    	//if (!OpenProcessToken( GetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken))
    	if (!OpenProcessToken( GetCurrentProcess(), TOKEN_READ, &hToken))
    	{
    		printf("Error 1");
    		return FALSE;
    	}
    
    
    	// Then we must query the size of the group information associated with
    	// the token. Note that we expect a FALSE result from GetTokenInformation
    	// because we've given it a NULL buffer. On exit dwSize will tell
    	// the size of the group information.
    	if ( GetTokenInformation ( hToken, TokenGroups, NULL, 0, &dwSize))
    	{
    		printf("Error 2");
    		return FALSE;
    	}
    
    
    	// Here we verify that GetTokenInformation failed for lack of a large
    	// enough buffer.
    	if ( GetLastError() != ERROR_INSUFFICIENT_BUFFER) 
    	{
    		printf("Error 3");
    		return FALSE;
    	}
    
    
    	// Now we allocate a buffer for the group information.
    	// Since _alloca allocates on the stack, we don't have
    	// to explicitly deallocate it. That happens automatically
    	// when we exit this function.
    	if ( ! ( ptg= (TOKEN_GROUPS*)_alloca ( dwSize))) 
    	{
    		printf("Error 4");
    		return FALSE;
    	}
    
    
    	// Now we ask for the group information again.
    	// This may fail if an administrator has added this account
    	// to an additional group between our first call to
    	// GetTokenInformation and this one.
    	if ( !GetTokenInformation ( hToken, TokenGroups, ptg, dwSize, &dwSize) )
    	{
    		printf("Error 5");
    		return FALSE;
    	}
    	
    	// Finally we'll iterate through the list of groups for this access
    	// token looking for a match against the SID we created above.
    	bAccessAllowed= FALSE;
    
    
    	// Here it will loop through about half of the groups that I am in but doesn't catch them all
    	for ( dwGroup= 0; dwGroup < ptg->GroupCount; dwGroup++)
    	{
    		char lpName[256];
    		char lpDomain[256];
    		char szBuffer[2048];
    
    
    		LookupAccountSid( NULL, ptg->Groups[dwGroup].Sid, lpName, &dwSize, lpDomain, &dwSize, &SidType);
    
    
    		//sprintf_s( szBuffer, sizeof( szBuffer ), "SID: %i\nlpName: %s\nSize: %i\nDomain: %s\nSidType: %i\n", ptg->Groups[dwGroup].Sid, lpName, &dwSize, lpDomain, &SidType);
    		sprintf_s( szBuffer, sizeof( szBuffer ), "Group Name: %s\n", lpName);
    		printf(szBuffer);
    
    
    		//Clear the Buffer before reprinting the output
    		delete [] szBuffer;
    	}
    	return 0;
    }
    Any thoughts on this? I'm sooo close to getting this thing sorted.

  10. #10
    Administrator JoTo's Avatar
    Join Date
    May 2010
    Location
    www.scapp.net
    Posts
    1,953

    Default

    My point is you should get on the C# track, stuff like this is so much easier, quicker and less error-prone doing it in the .NET world
