Exemple #1
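        /// <summary>
        /// Collects entries from the Excel "Trusted Locations" registry keys of every
        /// user profile returned by <c>RegistryUtil.GetUserProfiles()</c>.
        /// </summary>
        /// <remarks>
        /// Office opens content from a trusted location without the usual macro
        /// prompts, which is why these keys are worth auditing as a persistence point.
        /// The audit is best-effort: any failure is swallowed and the entries gathered
        /// so far are returned.
        /// NOTE(review): only the per-user Excel key under HKEY_USERS is read. Trusted
        /// locations configured elsewhere (policy, other Office applications) are not
        /// covered here, and a profile whose key cannot be opened is skipped without
        /// any indication in the result.
        /// </remarks>
        /// <returns>
        /// The entries added by <c>AddFiles</c>; an empty list when Excel is not
        /// registered, no profiles are found, or the audit fails early.
        /// </returns>
        public static List <Autorunpoints> StartAudit()
        {
            List<Autorunpoints> xlselements = new List<Autorunpoints>();

            try
            {
                List<string> profiles = RegistryUtil.GetUserProfiles();
                if (profiles == null || profiles.Count == 0)
                {
                    return xlselements;
                }

                // The installed Excel version is machine-wide, so resolve it once
                // instead of reopening the App Paths key for every profile.
                string majorVersion;
                using (RegistryKey officeKey = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\excel.exe"))
                {
                    if (officeKey == null)
                    {
                        return xlselements;
                    }

                    // The key's default value holds the path handed to GetProductMajorVersion.
                    object excelPath = officeKey.GetValue(null);
                    if (excelPath == null)
                    {
                        return xlselements;
                    }

                    majorVersion = GetProductMajorVersion(excelPath.ToString());
                }

                // The Office registry branch is named "<major>.0".
                if (!majorVersion.EndsWith(".0", StringComparison.Ordinal))
                {
                    majorVersion += ".0";
                }

                foreach (string profile in profiles)
                {
                    try
                    {
                        string tempRegis = profile + "\\Software\\Microsoft\\Office\\" + majorVersion + "\\Excel\\Security\\Trusted Locations\\";

                        // Dispose the handle per profile; the original never closed it.
                        using (RegistryKey trustedLocKey = Registry.Users.OpenSubKey(tempRegis))
                        {
                            if (trustedLocKey == null)
                            {
                                continue;
                            }

                            // One timestamp is taken from the parent key and reused
                            // for every location below it.
                            DateTime regMod = RegistryModified.lastWriteTime(trustedLocKey);
                            foreach (string item in trustedLocKey.GetSubKeyNames())
                            {
                                AddFiles(xlselements, tempRegis + item, regMod);
                            }
                        }
                    }
                    catch (Exception)
                    {
                        // Deliberate best-effort: a failure in one profile must not
                        // stop the audit of the remaining profiles.
                        // NOTE(review): nothing is recorded here, so the caller cannot
                        // tell a clean profile from one that failed to be read.
                    }
                }
            }
            catch (Exception)
            {
                // Best-effort: return whatever was collected before the failure.
            }

            return xlselements;
        }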
Exemple #2
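        /// <summary>
        /// Builds the list of audited user accounts: first the accounts returned by
        /// <c>NetUserEnum</c>, then one entry for every profile SID from
        /// <c>RegistryUtil.GetUserProfiles()</c> that did not match an enumerated account.
        /// </summary>
        /// <remarks>
        /// For the leftover profile SIDs the account details are looked up through
        /// <c>GetDomainUserInfo</c> when <c>GetDCName()</c> returns a server name;
        /// if that lookup fails the user is still reported with name and groups only.
        /// NOTE(review): a profile SID that cannot be translated to an account name is
        /// dropped silently. Such orphaned profiles are usually of interest to an
        /// audit, so consider reporting them instead of discarding them.
        /// </remarks>
        /// <returns>The collected users; never null.</returns>
        public static List <User> StartAudit()
        {
            int EntriesRead;
            int TotalEntries;
            int Resume;

            IntPtr      bufPtr  = IntPtr.Zero;
            List <User> lstUser = new List <User>();

            try
            {
                // NOTE(review): the status returned by NetUserEnum is ignored (the API
                // reports errors through its return value, not the Win32 last error), so
                // a failed or partial enumeration is indistinguishable from an empty one.
                // Confirm against the P/Invoke declaration and check it.
                UserProfileAuditor.NetUserEnum(null, 2, 0,
                                               out bufPtr, -1, out EntriesRead, out TotalEntries, out Resume);

                // Treat a missing profile list as empty rather than failing later on.
                List <string> lstProfiles = RegistryUtil.GetUserProfiles();
                if (lstProfiles == null)
                {
                    lstProfiles = new List <string>();
                }

                if (EntriesRead > 0 && bufPtr != IntPtr.Zero)
                {
                    int    entrySize = Marshal.SizeOf(typeof(UserProfileAuditor.USER_INFO_2));
                    IntPtr iter      = bufPtr;
                    for (int i = 0; i < EntriesRead; i++)
                    {
                        UserProfileAuditor.USER_INFO_2 info =
                            (UserProfileAuditor.USER_INFO_2)Marshal.PtrToStructure(iter, typeof(UserProfileAuditor.USER_INFO_2));

                        // Advance with 64-bit arithmetic: casting the pointer to int
                        // overflows in a 64-bit process.
                        iter = new IntPtr(iter.ToInt64() + entrySize);

                        User user = new User();
                        user.UserName = info.usri2_name;
                        string localGroup = string.Empty;
                        foreach (var item in GetLocalGroups(user.UserName))
                        {
                            localGroup += item + ";";
                        }
                        user.Groups           = localGroup.TrimEnd(';');
                        user.FullName         = info.usri2_full_name;
                        user.PasswordAge      = info.usri2_password_age.ToString();
                        user.Description      = info.usri2_comment;
                        user.LastLogin        = GetTimeFormElaspedSeconds((uint)info.usri2_last_logon);
                        user.IsDisabled       = CheckFlagIsEnabled(info.usri2_flags, UF_ACCOUNTDISABLE);
                        user.IsLocked         = CheckFlagIsEnabled(info.usri2_flags, UF_LOCKOUT);
                        user.PasswordRequired = !CheckFlagIsEnabled(info.usri2_flags, UF_PASSWD_NOTREQD);

                        GetSidDetails(user);

                        // An account that was enumerated is not processed again in the
                        // profile pass below. Remove is a no-op when the SID is absent.
                        lstProfiles.Remove(user.SID);
                        lstUser.Add(user);
                    }
                }

                string serverName = GetDCName();

                // Remaining SIDs have a profile on this machine but were not returned
                // by the enumeration above.
                foreach (string item in lstProfiles)
                {
                    try
                    {
                        User user = new User();
                        user.UserName = new SecurityIdentifier(item).Translate(typeof(NTAccount)).ToString();

                        string localGroup = string.Empty;
                        foreach (var group in GetLocalGroups(user.UserName))
                        {
                            localGroup += group + ";";
                        }
                        user.Groups = localGroup.TrimEnd(';');
                        GetSidDetails(user);

                        try
                        {
                            if (!string.IsNullOrEmpty(serverName))
                            {
                                USER_INFO_2 userInfo2 = GetDomainUserInfo(serverName, user.UserName);
                                user.FullName         = userInfo2.usri2_full_name;
                                user.PasswordAge      = userInfo2.usri2_password_age.ToString();
                                user.Description      = userInfo2.usri2_comment;
                                user.LastLogin        = GetTimeFormElaspedSeconds((uint)userInfo2.usri2_last_logon);
                                user.IsDisabled       = CheckFlagIsEnabled(userInfo2.usri2_flags, UF_ACCOUNTDISABLE);
                                user.IsLocked         = CheckFlagIsEnabled(userInfo2.usri2_flags, UF_LOCKOUT);
                                user.PasswordRequired = !CheckFlagIsEnabled(userInfo2.usri2_flags, UF_PASSWD_NOTREQD);
                            }
                        }
                        catch (Exception)
                        {
                            // Best-effort: the user is still reported, but without the
                            // account details above. Flag fields keep their defaults,
                            // which says nothing about the account's real state.
                        }

                        lstUser.Add(user);
                    }
                    catch (Exception)
                    {
                        // Best-effort: a SID that cannot be resolved or processed is
                        // skipped so the remaining profiles are still audited.
                    }
                }
            }
            finally
            {
                // Release the NetUserEnum buffer even when the audit throws part-way.
                if (bufPtr != IntPtr.Zero)
                {
                    UserProfileAuditor.NetApiBufferFree(bufPtr);
                }
            }

            return lstUser;
        }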