Client Management Suite

Ok we use GPP to set (change) passwords on accounts like the administrator account.

Since I can't get any feedback regarding this to if a machine updated the administrator password or not how can I determine if the password was updated or not?

I figured I could use inventory maybe a custom inventory to determine the accounts password age.

I know you can determine this information via a PowerShell Script but I would like to do it via altiris automation and report on it.

How to get this information via powershell:

http://powershell.com/cs/media/p/376.aspx

cls
$ErrorActionPreference = "SilentlyContinue" 
Get-Content (ENTER PATH TO YOUR INPUT FILE HERE) | foreach { 
    [ADSI]"WinNT://$_/administrator" | select ` 
    $(Name="Account";Expression={($_.PSBase).Path}}, ` 
    $(Name="Password Set";Expression={(Get-Date).AddSeconds(-($_.PasswordAge)[0])}}; ` 
    $(Name="PasswordAge (Days)";Expression={[int]((4-.PasswordAge)[0]/86400) }}, ` 
    $(Name="Last Logon";Expression={$_.LastLogin}}, ` 
    $(Name="Days Since Last Logn";Expression={ ` 
    (New-TimeSpan -start ($_.LastLogin[0]) -end (Get-Date)).days}}} ` 
| Export-csv (ENTER PATH TO YOUR OUTPUT FILE HERE) -notypeinformation  

Any ideas??

bump

bump

What type of output do you get in the .csv?  I'm trying to determine if it's suitable for a custom inventory.  I would imagine you run the PowerShell script to generate the .csv, then use the custom inventory to parse the .csv and report results to the Notification Server.

I have not ever run the Powershell yet.  Just showing there are ways to do this.  Figured someone here would have a different method for doing this but looks like the topic has been pretty dead.

You'll want to create a custom data class, then use your PowerShell or VBscript to form an NSE that is processed in order to populate the data class.  This article talks about this process:

https://www-secure.symantec.com/connect/articles/introduction-custom-inventory-notification-server-70

For whatever reason, password age isn't as accessible as expiration and other data in Windows.  This more common data is already gathered by Altiris standard inventory and data classes.

I didn't test this code so I make no claims to it working right out of the box, but you can modify it to get it working.  You can also add other adsi attributes you want as well.

'---------------------------------------------------------------------- 

set onet = createobject("WScript.Network")
adsCompPath = "WinNT://" & onet.ComputerName
set onet = nothing

compFilter = array("User")
set compObj = getobject(adsCompPath)

compObj.filter = compFilter

'Symantec stuff
'Create instance of Altiris NSE component and set the header data of the NSE
dim nse
set nse = WScript.CreateObject ("Altiris.AeXNSEvent")

' Please don't modify this GUID. This is the 'Inventory Capture Item'.
nse.To = "{1592B913-72F3-4C36-91D2-D4EDA21D2F96}"
nse.Priority = 1

dim objDCInstance
set objDCInstance = nse.AddDataClass ("{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}")
dim objDataClass
set objDataClass = nse.AddDataBlock (objDCInstance)

on error resume next

for each userObj in compObj
 'wscript.echo userObj.Name & vbcrlf & nsdate(userObj.PasswordExpirationDate)
 
 set objDataRow = objDataClass.AddRow
 objDataRow.SetField 0, userObj.Name
 objDataRow.SetField 1, nsdate(userObj.PasswordExpirationDate)

next

set compObj = nothing
wscript.echo "Done"

'Function from dougj: http://98.129.119.162/connect/fr/blogs/vbscript-convert-datetime-stamp-nsdate-format
' I fixed the PM/AM bug

function nsDate(curDate)
  'remove " AM" and " PM" from the end of the value
  cd = Mid(curDate,1,len(curDate)-3)
  'wscript.echo Right(curdate, 2)
   
 'Separate date & time values
  pos=InStr(cd," ")
  dt = Mid(cd,1,pos)
  tm = Mid(cd,pos+1,len(dt))
   
  'Separate year, month & date portions of the date value
  posa = InStr(dt,"/")
  posb = InStr(posa+1,dt,"/",1)
  mm = Mid(dt,1,posa-1)

  dd = Mid(dt,posa+1,posb-posa-1)
  yy = RTrim(Mid(dt,posb+1,len(dt)))
  if len(mm) = 1 then     mm = "0" & mm end if
  if len(dd) = 1 then  dd = "0" & dd end if
 
  'Separate hour, minute & second portions of the time value
  posa = InStr(tm,":")
  posb = InStr(posa+1,tm,":",1)
  hh = Mid(tm,1,posa-1)
  mi = Mid(tm,posa+1,posb-posa-1)
  if Right(curdate, 2) = "PM" then
   'wscript.echo "Made it ehere"
   hh = hh + 12
  end if
  ss = RTrim(Mid(tm,posb+1,len(tm)))
  if len(hh) = 1 then     hh = "0" & hh end if
  if len(mi) = 1 then  mi = "0" & mi end if
  if len(ss) = 1 then  ss = "0" & ss end if

  'Rebuild the date in nsdate format (CCYY-MM-DDTHH:MM:SS)
  nsDate = yy & "-" & mm & "-" & dd & "T" & hh & ":" & mi & ":" & ss
end function 'convertDate

bsakata

Thank you for this I have not had time to work on this yet.  It recently got moved to the bottom of my list of things to do but thank you for the info and I will investigate as soon as I can.