public static List <Autorunpoints> StartAudit() { List <Autorunpoints> xlselements = new List <Autorunpoints>(); try { string sysdrv = Environment.GetEnvironmentVariable("SystemDrive"); List <string> ls = RegistryUtil.GetUserProfiles(); if (ls != null && ls.Count > 0) { for (int i = 0; i < ls.Count; i++) { try { RegistryKey officeKey = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\excel.exe"); if (officeKey != null) { string path = officeKey.GetValue(null).ToString(); string majorVersion = GetProductMajorVersion(path); if (!majorVersion.EndsWith(".0")) { majorVersion += ".0"; } string tempRegis = ls[i] + "\\Software\\Microsoft\\Office\\" + majorVersion + "\\Excel\\Security\\Trusted Locations\\"; RegistryKey trustedLocKey = Registry.Users.OpenSubKey(tempRegis); if (trustedLocKey == null) { continue; } DateTime regMod = RegistryModified.lastWriteTime(trustedLocKey); string[] trustedLocations = trustedLocKey.GetSubKeyNames(); foreach (var item in trustedLocations) { string slocation = tempRegis + item; AddFiles(xlselements, slocation, regMod); } } } catch (Exception) { } } } } catch (Exception) { } return(xlselements); }
public static List <User> StartAudit() { int EntriesRead; int TotalEntries; int Resume; IntPtr bufPtr; List <User> lstUser = new List <User>(); UserProfileAuditor.NetUserEnum(null, 2, 0, out bufPtr, -1, out EntriesRead, out TotalEntries, out Resume); int err = Marshal.GetLastWin32Error(); List <string> lstProfiles = RegistryUtil.GetUserProfiles(); if (EntriesRead > 0) { UserProfileAuditor.USER_INFO_2[] Users = new UserProfileAuditor.USER_INFO_2[EntriesRead]; IntPtr iter = bufPtr; for (int i = 0; i < EntriesRead; i++) { Users[i] = (UserProfileAuditor.USER_INFO_2)Marshal.PtrToStructure(iter, typeof(UserProfileAuditor.USER_INFO_2)); iter = (IntPtr)((int)iter + Marshal.SizeOf(typeof(UserProfileAuditor.USER_INFO_2))); User user = new User(); user.UserName = Users[i].usri2_name; string localGroup = string.Empty; foreach (var item in GetLocalGroups(user.UserName)) { localGroup += item + ";"; } user.Groups = localGroup.TrimEnd(new char[] { ';' }); user.FullName = Users[i].usri2_full_name; user.PasswordAge = Users[i].usri2_password_age.ToString(); user.Description = Users[i].usri2_comment; user.LastLogin = GetTimeFormElaspedSeconds((uint)Users[i].usri2_last_logon); user.IsDisabled = CheckFlagIsEnabled(Users[i].usri2_flags, UF_ACCOUNTDISABLE); user.IsLocked = CheckFlagIsEnabled(Users[i].usri2_flags, UF_LOCKOUT); user.PasswordRequired = !CheckFlagIsEnabled(Users[i].usri2_flags, UF_PASSWD_NOTREQD); GetSidDetails(user); if (lstProfiles.Contains(user.SID)) { lstProfiles.Remove(user.SID); } lstUser.Add(user); } } string serverName = GetDCName(); foreach (string item in lstProfiles) { string userName = string.Empty; try { userName = new SecurityIdentifier(item).Translate(typeof(NTAccount)).ToString(); User user = new User(); user.UserName = userName; string localGroup = string.Empty; foreach (var group in GetLocalGroups(user.UserName)) { localGroup += group + ";"; } user.Groups = localGroup.TrimEnd(new char[] { ';' }); string[] usersNme = user.UserName.Split(new char[] { '\\' }, StringSplitOptions.RemoveEmptyEntries); GetSidDetails(user); try { if (!string.IsNullOrEmpty(serverName)) { USER_INFO_2 userInfo2 = GetDomainUserInfo(serverName, user.UserName); user.FullName = userInfo2.usri2_full_name; user.FullName = userInfo2.usri2_full_name; user.PasswordAge = userInfo2.usri2_password_age.ToString(); user.Description = userInfo2.usri2_comment; user.LastLogin = GetTimeFormElaspedSeconds((uint)userInfo2.usri2_last_logon); user.IsDisabled = CheckFlagIsEnabled(userInfo2.usri2_flags, UF_ACCOUNTDISABLE); user.IsLocked = CheckFlagIsEnabled(userInfo2.usri2_flags, UF_LOCKOUT); user.PasswordRequired = !CheckFlagIsEnabled(userInfo2.usri2_flags, UF_PASSWD_NOTREQD); } } catch (Exception) { } lstUser.Add(user); } catch (Exception) { } } UserProfileAuditor.NetApiBufferFree(bufPtr); return(lstUser); }