Many companies ...as mine nowadays, decide to disable default windows Administrator account for security reasons or to a have an account for third party partner and opening it only when this is absolute necessary for a while and then disable it again.
After a little search at Nagios Exchange i din't find something similar so i decide to create a simple script myself.
Here is my first basic script written in VBscript to check if specific account is disable or not. If this account is disabled returns OK, if not returns Critical and finally if account is not exist returns Warning.
Needs Opsview agent or NSClient++ to be running already on the system you 're trying to check and you must add the following line to opsview.ini or NSC.ini file, to let NRPE recognize it rightly.
check_mswin_user=cscript.exe //T:190 //NoLogo scripts\\check-user.vbs
After that, create check-user.vbs in scripts folder and paste the following code inside.
Const rWarning = 1
CONST rCritical = 2
CONST rUnknown = 3
Const ADS_UF_ACCOUNTDISABLE = &H0002
strComputer = "."
strUser = "Administrator"
on error resume next
Set objUser = GetObject("WinNT://" & strComputer & "/" & strUser)
If IsObject(objUser) Then
flag = objUser.GET("UserFlags")
If flag AND ADS_UF_ACCOUNTDISABLE Then
Wscript.Echo "OK: Account is disabled."
Wscript.Quit(rOK)
Else
Wscript.Echo "CRITICAL: Account is not disabled."
Wscript.Quit(rCritical)
End If
Else
WScript.Echo "WARNING: User does not exist"
Wscript.Quit(rWarning)
End If
Download: check-user.vbs
Pretty straight ...right? You can also change strUser value in anything you want :)
The last things is to restart opsview/nsclient service from windows services and create your new custom script using nagios check_nrpe
Here is a simple example:
check_nrpe -H $HOSTADDRESS$ -c check_mswin_user
No comments:
Post a Comment