Simple ASP page for unlocking Active Directory accounts

This is quick way to unlock AD accounts on the PC or smartphone. The page will display all currently locked accounts. Type the username and click the unlock button.

You need these two files.

unlock.exe from Joeware.net
LoginAdmin.dll mentioned on this page. -> Code Project

unlock.asp
<br><br><b>My unlocker</b><br><br><% Response.Buffer = true %> <br><% Set objWShell = CreateObject("WScript.Shell") Set objCmd = objWShell.Exec("c:\inetpub\unlock.exe domaincontroller * -view") strPResult = objCmd.StdOut.Readall() set objCmd = nothing: Set objWShell = nothing strStatus = "offline" if InStr(strPResult,"TTL=")>0 then strStatus = "online" <br> <br> response.write "<br>" & replace(strPResult,vbCrLf,"<br>") <br>%><br><br><form name="input" action="unlock2.asp" method="post"><br>Username: <br><input type="text" name="user"><br><input type="submit" value="unlock"><br></form><br>
unlock2.asp
<br><br><br><textarea><br><br><b>My unlocker</b><br><br><% user=Request.Form("user") %><br><br><% Set objLogon = Server.CreateObject("LoginAdmin.ImpersonateUser") objLogon.Logon "user", "pass", "domain" UserName = user DomainName = "example.com" Set UserObj = GetObject("WinNT://"& DomainName &"/domaincontroller/"& UserName &"") 'If Err.Number = 0 then If UserObj.IsAccountLocked = -1 then UserObj.IsAccountLocked = 0 UserObj.SetInfo 'else Set UserObj = Nothing 'end if 'If err.number = 0 Then ' response.write "The Account Unlock Failed. Check that the account is, in fact, locked-out." 'Else ' response.write "The Account Unlock was Successful" 'End if objLogon.Logoff Set objLogon = Nothing %><br>

The finished product.

My unlocker

1: jamsignal 12/19/2011-13:39:03 LOCKED VIEW_ONLY

2: Guest 11/09/2011-10:36:49 LOCKED VIEW_ONLY

3: Mickey 12/23/2011-07:44:31 LOCKED VIEW_ONLY

4: Minnie 12/23/2011-08:38:09 LOCKED VIEW_ONLY

5: Donald 12/17/2011-03:27:30 LOCKED VIEW_ONLY

Username:

Restart Windows server using the AT command.

at 22:11 shutdown /r /f /t 0

I have used this on 2003 and 2008 for a quick one time restart after hours.

ws.ourpictures.com

Why is this one of the top domains in my firewall log?

I had one PC posting to this URL every three seconds 24 hours a day. I looked at the PC and found ourpictures.exe in "C:\program files\RitzPix E-Z Print & Share." This might not be spyware but it is annoying. I deleted the exe and no more traffic for now.

SQL 2000 database out of space!

The drive is almost full. Shrinking does not help. The transaction log backup fails because there is not enough space. I changed the recovery model to 'Simple' and now I have plenty of space. The log is cleared. I know this is just a work around, but this database is not mission critical so I am good!

I need a 'top' for windows.

I will use tasklist and sort by ram usage:

tasklist | sort /+60 (XP)

tasklist | sort /+65 (2003/2008)

Then I will sort by CPU Time:

tasklist /v | sort /+77 (All)

chrome.exe 5708 Console 0 48,612 K

chrome.exe 31432 Console 0 78,444 K

iexplore.exe 11168 Console 0 103,052 K

Image Name PID Session Name Session# Mem Usage

========================= ====== ================ ========

C:\>

How to use psexec with non-domain machine.

I use psexec daily and have for a long time. It has has never worked with computers which are not in the domain until now. I have only tried this with Windows XP.

Under Administrative Tools:
LOCAL SECURITY SETTINGS
LOCAL POLICIES
SECURITY OPTIONS
Network Access: Sharing and security model for local
accounts.

Change from "Guest Only" to "Classic"

Both of these commands now work!

psexec \\10.1.2.3 -u 10.1.2.3\administrator -p localpass cmd

net use j: \\10.1.2.3\c$ /user:10.1.2.3\administrator localpass

Update: 10/24/12
Psexec worked with a Windows 8 machine not in the domain. I only had to disable the firewall.

Active Directory failed logon auditing.

I need to see failed logon attempts and account lockouts in the event log. This was somehow recently disabled. To enable, edit the Default Domain Controllers Policy, NOT the Default Domain Policy.

Computer Configuration / Policies / Windows Settings / Security Settings / Audit Policy

Policy	Setting
Audit account logon events	Failure
Audit account management	Success
Audit logon events	Failure

If you are troubleshooting account lockouts, use EventCombMT!

Active Directory failed logon auditing II