I've noticed a lot of people with problems retrieving user Resultant Set Of Policy - RSOP information from WMI using root/RSOP... computer RSOP works fine:
strComputer = "."
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\rsop\computer")
Set colItems = objWMIService.ExecQuery("Select * from RSOP_GPO")
For Each objItem In colItems
Wscript.Echo "Name: " & objItem.Name
Wscript.Echo "GUID Name: " & objItem.GUIDNameWscript.Echo "ID: " & objItem.ID
Wscript.Echo "Access Denied: " & objItem.AccessDenied
Wscript.Echo "Enabled: " & objItem.Enabled
Wscript.Echo "File System path: " & objItem.FileSystemPath
Wscript.Echo "Filter Allowed: " & objItem.FilterAllowed
Wscript.Echo "Filter ID: " & objItem.FilterId
Wscript.Echo "Version: " & objItem.Version
Wscript.Echo
Next
Works without issue but root\rsop\user\%SID% does not retrieve anything... to fix you must replace the hyphens - in the SID with underscores _ !!
So:
S-1-5-21-1708537768-688789844-1994488-12833 should be S_1_5_21_1708537768_688789844_1994488_12833
so:
strComputer = "."
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set objAccount = objWMIService.Get("Win32_UserAccount.Name='joeblow',Domain='YourDomain'")
Wscript.Echo objAccount.SID
strWMISID = replace (objAccount.SID,"-","_")
Set objWMIService = Nothing
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\rsop\user\" & strWMISID)
Set colItems = objWMIService.ExecQuery("Select * from RSOP_GPO")
For Each objItem In colItems
Wscript.Echo "Name: " & objItem.Name
Wscript.Echo "GUID Name: " & objItem.GUIDNameWscript.Echo "ID: " & objItem.ID
Wscript.Echo "Access Denied: " & objItem.AccessDenied
Wscript.Echo "Enabled: " & objItem.Enabled
Wscript.Echo "File System path: " & objItem.FileSystemPath
Wscript.Echo "Filter Allowed: " & objItem.FilterAllowed
Wscript.Echo "Filter ID: " & objItem.FilterId
Wscript.Echo "Version: " & objItem.Version
Wscript.Echo
Next
Voila! it now works...
FYI - Get the logged on user with:
Set colSessions = objWMI.ExecQuery("Select * from Win32_LogonSession Where LogonType = 2")
If colSessions.Count = 0 Then
Wscript.Echo "No interactive users found"
Else
For Each objSession in colSessions
Set colList = objWMI.ExecQuery("Associators of {Win32_LogonSession.LogonId=" & objSession.LogonId & "} Where AssocClass=Win32_LoggedOnUser Role=Dependent" )
For Each objItem in colList
WScript.Echo "Username: " & objItem.Name & " SID: " & objItem.SID
WScript.Echo "WMISID: " & replace(objItem.SID,"-","_")
Next
Next
End If
Consistency is a wonderful thing... maybe the WMI namespace adheres to some standard that prevents hyphens but allows underscores... who knows...
Ahhhhh....you are a life-saver. I've been wracking by brains for the last 2 hours trying to figure out why it would return data for Computer GPOs and not User ones!
ReplyDeleteWorks wonderfully, apart from one thing. Your code to get the user and SID doesn't work if a user is logged on to a machine via Remote Desktop.
I prefer to use WMI to retrieve the owner of the EXPLORER.EXE process (which is only ever running if a user is logged on).
You do this by querying Win32_Process for explorer.exe and then using the GetOwner and GetOwnerSID method of the returned process object.
Doesn't work on Win2K unfortunately
Here's the code to do that
ReplyDeletestrComputer="xxxxx"
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colProc = objWmiService.ExecQuery("Select Name from Win32_Process" & " Where Name='explorer.exe'")
If colProc.Count > 0 Then
For Each oProcess In colProc
oProcess.GetOwner sUser, sDomain
oProcess.GetOwnerSID SID
Next
WScript.Echo sUser,sDomain, SID
Else
WScript.echo "No user is logged on"
End If