What Service Needs to be on to translate UserSID
I have a script which accepts the following input:
"sender-ip=10.10.10.10"
It is supposed to return the last user logged on.
First, it will attempt to detect the operating system.
Second, it will attempt to detect the user profile.
Finally, it will attempt to translate the Security Identifier into a user account, i.e. DOMAIN\username.
Here is the relevant part of the code:
$Sender_IP = $my_hash.Get_Item("sender-ip")

# Step 1: gather information on the computer corresponding to $Sender_IP
try
{
    $Win32OS = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $Sender_IP -ErrorAction Stop
}
catch [Exception]
{
    $userId = "Unknown/CannotDetectOS "
    $output = "userId=" + $userId
    return $output
}

# Step 2: list the user profiles on that computer
try
{
    $Win32User = Get-WmiObject -Class Win32_UserProfile -ComputerName $Sender_IP -ErrorAction Stop
}
catch [Exception]
{
    $userId = "Unknown/CannotDetectUserProfile "
    $output = "userId=" + $userId
    return $output
}

# Most recently used profile first
$Win32User = $Win32User | Sort-Object -Property LastUseTime -Descending
$LastUser = $Win32User | Select-Object -First 1

# Step 3: translate the profile's SID into DOMAIN\username
try
{
    $UserSID = New-Object System.Security.Principal.SecurityIdentifier($LastUser.SID)
    $userId = $UserSID.Translate([System.Security.Principal.NTAccount])
}
catch [Exception]
{
    $userId = "Unknown/CannotDetectUserSID "
    $output = "userId=" + $userId
    return $output
}

$userId = $userId.Value
if ($null -ne $userId)
{
    $output = "userId=" + $userId
}
else
{
    $userId = "Unknown/UserID"
    $output = "userId=" + $userId
}
$output.replace("\","/")
From what I understand, the WMI service needs to be turned on in order to detect the Windows operating system, i.e.

$Win32OS = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $Sender_IP -ErrorAction Stop

and the Windows user profile, i.e.

$Win32User = Get-WmiObject -Class Win32_UserProfile -ComputerName $Sender_IP -ErrorAction Stop

But what service needs to be turned on to properly translate the Security Identifier, i.e.

$Win32User = $Win32User | Sort-Object -Property LastUseTime -Descending
$LastUser = $Win32User | Select-Object -First 1
try
{
    $UserSID = New-Object System.Security.Principal.SecurityIdentifier($LastUser.SID)
    $userId = $UserSID.Translate([System.Security.Principal.NTAccount])
}
catch [Exception]
{
    $userId = "Unknown/CannotDetectUserSID "
    $output = "userId=" + $userId
    return $output
}

One week I will run the script with "sender-ip=10.10.10.10" and get the actual user, the next week the script throws "CannotDetectUserProfile", and the week after that it throws "CannotDetectOS", etc.
What service needs to be turned on, and can I do this remotely through PowerShell?
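
Added example, not the poster's code: SecurityIdentifier.Translate is resolved by the computer running the script, not by the machine at the sender IP, so the SID of an account that is local to that machine cannot be mapped there. The function below reports the actual WMI error instead of a fixed string and, when the local lookup fails, asks the target for the account through Win32_UserAccount. The function name Resolve-LastUser and the Unknown/... output strings are assumptions made for this example.

```powershell
# Added example. Resolve-LastUser is a hypothetical name, not from the post.
function Resolve-LastUser {
    param([Parameter(Mandatory = $true)][string]$ComputerName)

    try {
        # Ignore service profiles (SYSTEM, LOCAL SERVICE, NETWORK SERVICE)
        $last = Get-WmiObject -Class Win32_UserProfile -ComputerName $ComputerName -ErrorAction Stop |
            Where-Object { -not $_.Special } |
            Sort-Object -Property LastUseTime -Descending |
            Select-Object -First 1
    }
    catch {
        # Surface the real cause (RPC server unavailable, access denied, ...)
        return ("userId=Unknown/WmiFailed ({0}: {1})" -f $_.Exception.GetType().Name, $_.Exception.Message)
    }
    if ($null -eq $last) { return "userId=Unknown/NoUserProfile" }

    try {
        # Attempt 1: lookup on the machine running this script (domain and well-known SIDs)
        $sid  = New-Object System.Security.Principal.SecurityIdentifier($last.SID)
        $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
    }
    catch {
        # Attempt 2: the SID may belong to a local account on the remote machine
        $name = $null
        $acct = Get-WmiObject -Class Win32_UserAccount -ComputerName $ComputerName `
            -Filter "LocalAccount = True AND SID = '$($last.SID)'" -ErrorAction SilentlyContinue
        if ($acct) { $name = "{0}\{1}" -f $acct.Domain, $acct.Name }
    }

    if (-not $name) {
        # Attempt 3: keep the raw SID and profile path rather than a bare "Unknown"
        $name = "Unknown/{0} ({1})" -f $last.SID, $last.LocalPath
    }
    # Same output convention as the post: backslashes become forward slashes
    return ("userId=" + $name).Replace("\", "/")
}

# Constructed sample call using the address from the post
Resolve-LastUser -ComputerName "10.10.10.10"
```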