Pages

Thursday, December 22, 2016

Powershell v2 Function Get EnabledUserflags

This morning BigTeddy posted trying to figure out how to enumerate the specific values enabled for a given user on a local machine:
Local user UserFlags
After posting a few of my older links:
  • http://learningpcs.blogspot.com/2009/09/bscript-set-user-password-to-never.html
  • http://learningpcs.blogspot.com/2011/01/powershell-winnt-provider.html
I realized I hadnt done much with this, so, I created a function to enumerate the flags that are enabled once the userflags values are obtained.  BigTeddy had already gotten that part, so, you can pattern after him.  This function explicitly displays which flags are enabled:
function Get-EnabledUserflags {
 param(
  $userflags
 )

 $userflags_enum = @{
  "ADS_UF_SCRIPT" = "1";
  "ADS_UF_ACCOUNTDISABLE" = "2";
  "ADS_UF_HOMEDIR_REQUIRED" = "8";
  "ADS_UF_LOCKOUT" = "16";
  "ADS_UF_PASSWD_NOTREQD" = "32";
  "ADS_UF_PASSWD_CANT_CHANGE" = "64";
  "ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED" = "128";
  "ADS_UF_TEMP_DUPLICATE_ACCOUNT" = "256";
  "ADS_UF_NORMAL_ACCOUNT" = "512";
  "ADS_UF_INTERDOMAIN_TRUST_ACCOUNT" = "2048";
  "ADS_UF_WORKSTATION_TRUST_ACCOUNT" = "4096";
  "ADS_UF_SERVER_TRUST_ACCOUNT" = "8192";
  "ADS_UF_DONT_EXPIRE_PASSWD" = "65536";
  "ADS_UF_MNS_LOGON_ACCOUNT" = "131072";
  "ADS_UF_SMARTCARD_REQUIRED" = "262144";
  "ADS_UF_TRUSTED_FOR_DELEGATION" = "524288";
  "ADS_UF_NOT_DELEGATED" = "1048576";
  "ADS_UF_USE_DES_KEY_ONLY" = "2097152";
  "ADS_UF_DONT_REQUIRE_PREAUTH" = "4194304";
  "ADS_UF_PASSWORD_EXPIRED" = "8388608";
  "ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION" = "16777216";
 }

 $userflags_enum.GetEnumerator() | % {
 if ( $_.value -band $userflags )
  {
   $_.name
  }
 }
}

Related Posts by Categories

0 comments:

Post a Comment