> Hi all > > This is my first post so please be gentle with me :-) > > I've come across an odd problem which I'm hoping somebody out there can help me > with. > > I've put together a script to scan my companies subnet for NT/2000 machines and > then perform remote registry queries to ascertain service packs etc and log them > to file. > > This all seems to work fine, only I have a problem. We don't use a domain > structure here and depending on which site you are on (and who built the > machine) can mean that you have a different administrator password. What I want > to do is enable the program to try three different admin passwords on a machine > and then give up and log to file that it couldnt query it. This would also > enable you to run the script independant of your logged in credentials e.g. > logged in as "joeb" not "administrator". > > I thought I'd do this by mapping a drive to the the admin$ share within perl, > and for each failure specify a different password. Upon success I would be > authenticated and could then query the registry. Unfortunately it doesnt seem > to work like that! I can map a drive happily using the administrator account > for that machine, but the registry query always fails(presumably because I dont > have permissions?). Unless that is I run the perl script using "runas" or "su" > and specify an administrator account before launching perl, it then works > perfectly. > > I can't find any optional authentication info for win32::TieRegistry and I'm > pulling my hair out - I can connect to the registry fine using other utilities > after I have mapped a drive successfuly, just not from Perl! > > Anybody have any ideas? > > A chocolate bar of your choice will be in the mail for the first successful > answer! > > Kind Regards > > Ross >
I'm not very knowledgeable about security issues, but I can think of two ways that might allow you to do what you want to do. (1) Use the impersonation APIs in Win32; I don't know of any modules that would help and this probably a little overboard anyway. (2) A similar but easier solution would be to execute another (sub)script as a user with the proper permissions. A quick search with `perlindex' shows that the `Win32::AdminMisc' provides access to the `CreateProcessAsUser' API call. Of course you could also just execute system 'su ... script.pl'. If you have not setup these systems yourself be aware that they may have automatic lockout enabled so that after n failed logon attempts, the account becomes locked until x hours or permanately until someone unlocks it. HTH, Randy W. Sims _______________________________________________ Perl-Win32-Admin mailing list [EMAIL PROTECTED] To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
