How to Combat Conficker on a Large Network

The following is information and tools for dealing with a Conficker Outbreak on a Large Enterprise Network with lots of clients.

How to unlock all of your Active Directory Accounts with a script.

Const ADS_SCOPE_SUBTREE = 2
Const ADS_UF_LOCKOUT = &H10

Set objRootDSE = GetObject(“LDAP://rootDSE”)
strDNSDomain = objRootDSE.Get(“defaultNamingContext”)

Set objCommand = CreateObject(“ADODB.Command”)
Set objConnection = CreateObject(“ADODB.Connection”)
objConnection.Provider = “ADsDSOObject”
objConnection.Open “Active Directory Provider”
objCommand.ActiveConnection = objConnection

StartNode = strDNSDomain
SearchScope = “subtree”

‘Filterstring = “(&(objectCategory=Person)(objectClass=User)” _
‘& “(userAccountControl:1.2.840.113556.1.4.803:=16))” ‘find locked out accounts (bitwise)

Filterstring = “(&(objectCategory=person)(objectClass=user)(lockoutTime>=1))”   ‘not sure which is better

Attributes = “adspath”

LDAPQuery = “<LDAP://” & StartNode & “>;” & FilterString & “;” _
& Attributes & “;” & SearchScope

objCommand.CommandText = LDAPQuery
objCommand.Properties(“Page Size”) = 100
objCommand.Properties(“Timeout”) = 30
objCommand.Properties(“Cache Results”) = False
Set objRecordSet = objCommand.Execute

If NOT objRecordSet.eof Then
objRecordSet.MoveFirst
While Not objRecordset.EOF
Set objuser = GetObject(objRecordSet.Fields(“AdsPath”).Value)
objUser.IsAccountLocked = False
objUser.SetInfo
objRecordSet.MoveNext
Wend
End If

objRecordset.Close
objConnection.Close
Set objRootDSE = Nothing
Set objConnection = Nothing
Set objRecordSet = Nothing

msgbox “All users are now unlocked!”

WScript.Quit(0)

0 Shares:
You May Also Like