File parsing on steroids needed - Part II

TheMSsForum.com: The Microsoft Software Forum

Hello all.

Many moons ago, I posted a request for help with this same type of
issue:

http://groups.google.com/group/microsoft.public.scripting.vbscript/browse_thread/thread/f1f78014008099fc/8991e865aeb0bfe6?lnk=gst&q=File+parsing+on+steroids+needed#8991e865aeb0bfe6

As always, I received excellent help on my previous post. Now I'm back
again with the same type of issue. I need to (do a complex) search and
replace text in a file.

I have a text file (it's the output of the Resource kit utility
secedit.exe) that looks something like this:

SeCreatePagefilePrivilege = *S-1-5-32-523
SeDebugPrivilege = *S-1-5-32-523
SeRemoteShutdownPrivilege = *S-1-5-32-523,*S-1-5-32-528
SeAuditPrivilege = *S-1-5-13,*S-1-5-19
SeIncreaseQuotaPrivilege =
SeIncreaseBasePriorityPrivilege = *S-1-5-32-523
SeLoadDriverPrivilege = *S-1-5-32-523
SeBatchLogonRight =
*S-1-5-19,*S-1-5-21-2113617034-347475637-2087665911-40777,SUPPORT_366945a0,IUSR_W815-
WEB228-A,IWAM_W815-WEB228-A,IIS_WPG,ASPNET
SeServiceLogonRight =
*S-1-5-20,*S-1-5-21-2113617034-347475637-2087665911-123821,ASPNET,*S-1-5-21-2250643452-2129950081-2393833302-1007,*S-1-5-21-2250643452-2129950081-2393833302-1009
SeInteractiveLogonRight = IUSR_W815-WEB228-
A,*S-1-5-32-523,*S-1-5-32-547,*S-1-5-32-530
SeSecurityPrivilege = *S-1-5-32-523
SeAssignPrimaryTokenPrivilege =
SeRestorePrivilege = *S-1-5-32-523,*S-1-5-32-528,*S-1-5-32-529

What I want to do is the following:

- find each SID in this text file
- turn that SID into a variable
- process that variable in a script that will resolve the SID to an
account name
- replace the SID in the original text file with that account name

I've got the script that will resolve the SID to an account name:

strSID = "S-1-5-32-523"
strComputer = "W815-WEB228-A"
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root
\cimv2")
Set objAccount = objWMIService.Get("Win32_SID.SID='" & strSID & "'")
strResolvedSID = objAccount.AccountName
MsgBox strResolvedSID
Set objWMIService = nothing
Set objAccount = nothing

I just need the file parsing done to extract the SIDs.

Any help would be greatly appreciated. Thanks!

- Dave
Top

Re: File parsing on steroids needed - Part II by ekkehard

ekkehard
Fri Jul 18 10:28:11 CDT 2008

Highlander schrieb:
> Hello all.
>
> Many moons ago, I posted a request for help with this same type of
> issue:
>
> http://groups.google.com/group/microsoft.public.scripting.vbscript/browse_thread/thread/f1f78014008099fc/8991e865aeb0bfe6?lnk=gst&q=File+parsing+on+steroids+needed#8991e865aeb0bfe6
>
> As always, I received excellent help on my previous post. Now I'm back
> again with the same type of issue. I need to (do a complex) search and
> replace text in a file.
>
> I have a text file (it's the output of the Resource kit utility
> secedit.exe) that looks something like this:
>
> SeCreatePagefilePrivilege = *S-1-5-32-523
> SeDebugPrivilege = *S-1-5-32-523
> SeRemoteShutdownPrivilege = *S-1-5-32-523,*S-1-5-32-528
> SeAuditPrivilege = *S-1-5-13,*S-1-5-19
> SeIncreaseQuotaPrivilege =
> SeIncreaseBasePriorityPrivilege = *S-1-5-32-523
> SeLoadDriverPrivilege = *S-1-5-32-523
> SeBatchLogonRight =
> *S-1-5-19,*S-1-5-21-2113617034-347475637-2087665911-40777,SUPPORT_366945a0,IUSR_W815-
> WEB228-A,IWAM_W815-WEB228-A,IIS_WPG,ASPNET
> SeServiceLogonRight =
> *S-1-5-20,*S-1-5-21-2113617034-347475637-2087665911-123821,ASPNET,*S-1-5-21-2250643452-2129950081-2393833302-1007,*S-1-5-21-2250643452-2129950081-2393833302-1009
> SeInteractiveLogonRight = IUSR_W815-WEB228-
> A,*S-1-5-32-523,*S-1-5-32-547,*S-1-5-32-530
> SeSecurityPrivilege = *S-1-5-32-523
> SeAssignPrimaryTokenPrivilege =
> SeRestorePrivilege = *S-1-5-32-523,*S-1-5-32-528,*S-1-5-32-529
>
> What I want to do is the following:
>
> - find each SID in this text file
> - turn that SID into a variable
> - process that variable in a script that will resolve the SID to an
> account name
> - replace the SID in the original text file with that account name
>
> I've got the script that will resolve the SID to an account name:
>
> strSID = "S-1-5-32-523"
> strComputer = "W815-WEB228-A"
> Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root
> \cimv2")
> Set objAccount = objWMIService.Get("Win32_SID.SID='" & strSID & "'")
> strResolvedSID = objAccount.AccountName
> MsgBox strResolvedSID
> Set objWMIService = nothing
> Set objAccount = nothing
>
> I just need the file parsing done to extract the SIDs.
>
> Any help would be greatly appreciated. Thanks!
>
> - Dave
>
>

Assuming that "*S" starts a SID and that resolving is a costly process
that should be done only once for each SID:

Dim oFS : Set oFS = CreateObject( "Scripting.FileSystemObject" )
Dim sFSpec : sFSpec = ".\sids.txt"
Dim oRE : Set oRE = New RegExp
oRE.Global = True
oRE.Pattern = "\*S(-\d+)+"
Dim sAll : sAll = oFS.OpenTextFile( sFSpec ).ReadAll
Dim dicSids : Set dicSids = CreateObject( "Scripting.Dictionary" )
Dim oMTS : Set oMTS = oRE.Execute( sAll )
WScript.Echo oMTS.Count, "SIDs found."
Dim oMT
For Each oMT In oMTS
WScript.Echo oMT.Value
dicSids( oMT.Value ) = dicSids( oMT.Value ) + 1
Next
WScript.Echo dicSids.Count, "unique SIDs found."
Dim sSID
For Each sSID In dicSids.Keys
WScript.Echo sSID, dicSids( sSID )
Next
Top

Re: File parsing on steroids needed - Part II by Highlander

Highlander
Tue Jul 22 11:49:20 CDT 2008

On Jul 18, 10:28=A0am, "ekkehard.horner" <ekkehard.hor...@arcor.de>
wrote:
> Highlander schrieb:
>
>
>
>
>
> > Hello all.
>
> > Many moons ago, I posted a request for help with this same type of
> > issue:
>
> >http://groups.google.com/group/microsoft.public.scripting.vbscript/br...
>
> > As always, I received excellent help on my previous post. Now I'm back
> > again with the same type of issue. I need to (do a complex) search and
> > replace text in a file.
>
> > I have a text file (it's the output of the Resource kit utility
> > secedit.exe) that looks something like this:
>
> > SeCreatePagefilePrivilege =3D *S-1-5-32-523
> > SeDebugPrivilege =3D *S-1-5-32-523
> > SeRemoteShutdownPrivilege =3D *S-1-5-32-523,*S-1-5-32-528
> > SeAuditPrivilege =3D *S-1-5-13,*S-1-5-19
> > SeIncreaseQuotaPrivilege =3D
> > SeIncreaseBasePriorityPrivilege =3D *S-1-5-32-523
> > SeLoadDriverPrivilege =3D *S-1-5-32-523
> > SeBatchLogonRight =3D
> > *S-1-5-19,*S-1-5-21-2113617034-347475637-2087665911-40777,SUPPORT_36694=
5a0,=ADIUSR_W815-
> > WEB228-A,IWAM_W815-WEB228-A,IIS_WPG,ASPNET
> > SeServiceLogonRight =3D
> > *S-1-5-20,*S-1-5-21-2113617034-347475637-2087665911-123821,ASPNET,*S-1-=
5-21=AD-2250643452-2129950081-2393833302-1007,*S-1-5-21-2250643452-21299500=
81-2393=AD833302-1009
> > SeInteractiveLogonRight =3D IUSR_W815-WEB228-
> > A,*S-1-5-32-523,*S-1-5-32-547,*S-1-5-32-530
> > SeSecurityPrivilege =3D *S-1-5-32-523
> > SeAssignPrimaryTokenPrivilege =3D
> > SeRestorePrivilege =3D *S-1-5-32-523,*S-1-5-32-528,*S-1-5-32-529
>
> > =A0What I want to do is the following:
>
> > - find each SID in this text file
> > - turn that SID into a variable
> > - process that variable in a script that will resolve the SID to an
> > account name
> > - replace the SID in the original text file with that account name
>
> > I've got the script that will resolve the SID to an account name:
>
> > strSID =3D "S-1-5-32-523"
> > strComputer =3D "W815-WEB228-A"
> > Set objWMIService =3D GetObject("winmgmts:\\" & strComputer & "\root
> > \cimv2")
> > Set objAccount =3D objWMIService.Get("Win32_SID.SID=3D'" & strSID & "'"=
)
> > strResolvedSID =3D objAccount.AccountName
> > MsgBox strResolvedSID
> > Set objWMIService =3D nothing
> > Set objAccount =3D nothing
>
> > I just need the file parsing done to extract the SIDs.
>
> > Any help would be greatly appreciated. Thanks!
>
> > - Dave
>
> Assuming that "*S" starts a SID and that resolving is a costly process
> that should be done only once for each SID:
>
> =A0 =A0Dim oFS =A0 =A0 : Set oFS =A0 =A0 =3D CreateObject( "Scripting.Fil=
eSystemObject" )
> =A0 =A0Dim sFSpec =A0: sFSpec =A0 =A0 =A0=3D ".\sids.txt"
> =A0 =A0Dim oRE =A0 =A0 : Set oRE =A0 =A0 =3D New RegExp
> =A0 =A0oRE.Global =A0=3D True
> =A0 =A0oRE.Pattern =3D "\*S(-\d+)+"
> =A0 =A0Dim sAll =A0 =A0: sAll =A0 =A0 =A0 =A0=3D oFS.OpenTextFile( sFSpec=
).ReadAll
> =A0 =A0Dim dicSids : Set dicSids =3D CreateObject( "Scripting.Dictionary"=
)
> =A0 =A0Dim oMTS =A0 =A0: Set oMTS =A0 =A0=3D oRE.Execute( sAll )
> =A0 =A0WScript.Echo oMTS.Count, "SIDs =A0found."
> =A0 =A0Dim oMT
> =A0 =A0For Each oMT In oMTS
> =A0 =A0 =A0 =A0WScript.Echo oMT.Value
> =A0 =A0 =A0 =A0dicSids( oMT.Value ) =3D dicSids( oMT.Value ) + 1
> =A0 =A0Next
> =A0 =A0WScript.Echo dicSids.Count, "unique SIDs =A0found."
> =A0 =A0Dim sSID
> =A0 =A0For Each sSID In dicSids.Keys
> =A0 =A0 =A0 =A0WScript.Echo sSID, dicSids( sSID )
> =A0 =A0Next- Hide quoted text -
>
> - Show quoted text -

Thanks ekkehard - that worked great!

Question abourt this line:
oRE.Pattern =3D "\*S(-\d+)+"

Can you explain the details on how this pattern works in it's search?

Thanks again!

- Dave
Top

Re: File parsing on steroids needed - Part II by ekkehard

ekkehard
Tue Jul 22 13:24:25 CDT 2008

Highlander schrieb:
> On Jul 18, 10:28 am, "ekkehard.horner" <ekkehard.hor...@arcor.de>
> wrote:
>> Highlander schrieb:
[...]
[Sample Data]
>>> SeCreatePagefilePrivilege = *S-1-5-32-523
>>> SeDebugPrivilege = *S-1-5-32-523
>>> SeRemoteShutdownPrivilege = *S-1-5-32-523,*S-1-5-32-528
[...]
>> Assuming that "*S" starts a SID and that resolving is a costly process
>> that should be done only once for each SID:
[...]
> oRE.Pattern = "\*S(-\d+)+"
> Can you explain the details on how this pattern works in it's search?

The pattern matches:

\* a literal * (must be escaped, because * has a meaning in RegExp patterns)
S a literal S
( start of group
- literal -
\d digit
+ one or more (digit)
) end of group
+ one or more (occurence(s) of the group)

So "*S-1-5-32-523" will be found because it starts with "*S" and
after that contains 4 sequences of "-" followed by digits
Top

Re: File parsing on steroids needed - Part II by Highlander

Highlander
Mon Jul 28 11:15:47 CDT 2008

On Jul 22, 1:24=A0pm, "ekkehard.horner" <ekkehard.hor...@arcor.de>
wrote:
> Highlander schrieb:> On Jul 18, 10:28 am, "ekkehard.horner" <ekkehard.hor=
...@arcor.de>
> > wrote:
> >> Highlander schrieb:
>
> [...]
> [Sample Data]
>
> >>> SeCreatePagefilePrivilege =3D *S-1-5-32-523
> >>> SeDebugPrivilege =3D *S-1-5-32-523
> >>> SeRemoteShutdownPrivilege =3D *S-1-5-32-523,*S-1-5-32-528
> [...]
> >> Assuming that "*S" starts a SID and that resolving is a costly process
> >> that should be done only once for each SID:
> [...]
> > oRE.Pattern =3D "\*S(-\d+)+"
> > Can you explain the details on how this pattern works in it's search?
>
> The pattern matches:
>
> =A0 =A0\* =A0 =A0a literal * (must be escaped, because * has a meaning in=
RegExp patterns)
> =A0 =A0S =A0 =A0 a literal S
> =A0 =A0( =A0 =A0 start of group
> =A0 =A0 - =A0 =A0literal -
> =A0 =A0 \d =A0 digit
> =A0 =A0 + =A0 =A0one or more (digit)
> =A0 =A0) =A0 =A0 end of group
> =A0 =A0+ =A0 =A0 one or more (occurence(s) of the group)
>
> So "*S-1-5-32-523" will be found because it starts with "*S" and
> after that contains 4 sequences of "-" followed by digits

Ekkehard - I appreciate the RegEx explanation.

Thanks again for your help! Dankesch=F6n!

- Dave
Top