// Per-user detail rows of the SAM report: prints the RID, then fields decoded
// from the F value of the account (timestamps, logon counters, account flags).
// This span sits inside a longer statement run: user_rid is set before the
// visible lines and the last print call continues after them.
// See http://windowsir.blogspot.com/2006/08/getting-user-info-from-image.html
println("");
// RID row: decimal form first, then the value as it was read (still carrying
// its 0x prefix at this point, per the comment further down).
println("
RID: | ",Number(user_rid).toString(10)," (",user_rid,")"," | ");
// RegistryKeyTypeToString returns the rid prepended with "0x". We have to remove that for further processing
// substr(2) drops the first two characters; the stripped form is what the key
// paths below are built from.
user_rid=String(user_rid).substr(2);
// Fetch the V value from \SAM\Domains\Account\Users\<rid>.
// v_key is not used in the visible lines; presumably read further down - confirm.
var v_key=GetRegistryKeyValue(String().concat("\\SAM\\Domains\\Account\\Users\\",user_rid),"V");
// Fetch the F value from the same key; every field printed below is decoded from it.
// NOTE(review): no check is visible here that either lookup succeeded or that
// f_key.value is long enough for the highest offset read below (66, as uint16).
// Confirm how GetRegistryKeyValue and RegistryKeyValueToVariant behave on a
// missing, truncated or tampered value before relying on these rows.
var f_key=GetRegistryKeyValue(String().concat("\\SAM\\Domains\\Account\\Users\\",user_rid),"F");
// Timestamps: each is read with the filetime conversion at a fixed byte offset
// into the F value (8, 24, 40, 32, in print order). The time zone of the
// rendered text is not visible from here - confirm before correlating these
// values with other timelines.
println("
Last login time: | ",RegistryKeyValueToVariant(f_key.value,"filetime",8)," | ");
println("
Last pw change: | ",RegistryKeyValueToVariant(f_key.value,"filetime",24)," | ");
println("
Last failed login: | ",RegistryKeyValueToVariant(f_key.value,"filetime",40)," | ");
println("
Account expires: | ",RegistryKeyValueToVariant(f_key.value,"filetime",32)," | ");
// Logon counters, read as uint16 at offsets 66 (total) and 64 (failed).
println("
Total logins: | ",RegistryKeyValueToVariant(f_key.value,"uint16",66)," | ");
println("
Failed logins: | ",RegistryKeyValueToVariant(f_key.value,"uint16",64)," | ");
// Account flag word: uint16 at offset 56, converted with Number() so the
// bitwise tests below operate on a numeric value.
var acc_flags=Number(RegistryKeyValueToVariant(f_key.value,"uint16",56));
// One label is printed per set bit. Only the bits tested here are shown:
// 0x0010 is deliberately skipped and bits above 0x0400 are not decoded, so an
// empty cell does not mean the flag word is zero.
// PwNotReq and NoPwExpiry are usually the entries worth a second look when
// reviewing accounts.
print("
Account flags: | ");
if(acc_flags&0x0001) print("Disabled ");
if(acc_flags&0x0002) print("HomeDirReq ");
if(acc_flags&0x0004) print("PwNotReq ");
if(acc_flags&0x0008) print("TempDupAcc ");
// Don't think this would be useful to show
//if(acc_flags&0x0010) print("NormUserAcc ");
if(acc_flags&0x0020) print("MnsAcc ");
if(acc_flags&0x0040) print("DomTrustAcc ");
if(acc_flags&0x0080) print("WksTrustAcc ");
if(acc_flags&0x0100) print("SrvTrustAcc ");
if(acc_flags&0x0200) print("NoPwExpiry ");
if(acc_flags&0x0400) print("AccAutoLock ");
// Closes the flags row.
println(" | ");
// The next row starts here; the rest of this call lies beyond the visible lines.
println("