Converting VBScript to VB.NET

My last post titled “Event 10 Mystery Solved” (found here.) left me with a question about the binary version of the SID, a returned value of CreatorSID: 1,5,0,0,0,0,0,5,21,0,0,0,190,118,173,34,87,198,105,19,239,226,7,24,244,1,0,0.

I started searching the net to see if anyone has posted a conversion tool to go from the the Binary SID: The Administrators SID in array of bytes format:

CreatorSID = {1,2,0,0,0,0,0,5,32,0,0,0,32,2,0,0};

to a String version:

Administrators group S-1–5-32-544

So far, I have not found a formula to do a conversion (that works) but I am getting closer, and learning a few things in the process.

I ran across a blog article (located here) that used PowerShell to search classes by Key Phrase and return a list of Classes that it was located in. The default search location is Cimv2 (System default).

That gave me several locations to search for answers.

The Win32_SID does not return any instances. You have to create an instance, as you will see below in the script. It does show BinaryRepresentation as a property.

Then I ran across this Web Page.

How to convert the SDDL form of an SID to a SAM account name (located here and another KB article here on conversion) which the code appears to be in VB6 version. The code still didn’t do what I wanted. They all required you to access the system for some form of information. It did tell me that the SID is actually stored in the binary form to start with, so all I had to do is figure out how to get at it, which brings me to the next web page.

This page is a script that I found at the Microsoft Script Center (located here) called, “Create Shared Folder and Set Access Permissions”.

After looking through the code, I noted that it had a place where the binary version of the SID was placed into a variable, which was what I wanted.

Foldername="c:\KS"   'folder to share
sharename="KS_Share"   'Share Name
strDesc="Test Share"   'Share Description
strUser="mike"      'User to set permissions for

Set  Services = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!\\.\root\cimv2")
' Connects to the WMI service with security privileges
Set SecDescClass = Services.Get("Win32_SecurityDescriptor")
' Need an instance of the Win32_SecurityDescriptor 
' so we can create an instance of a Security Descriptor.
Set SecDesc = SecDescClass.SpawnInstance_()
' Create an instance of a Security Descriptor.
Set colWinAcc = Services.ExecQuery("SELECT * 
_FROM Win32_ACCOUNT WHERE Name='" & strUser & "'")
If colWinAcc.Count < 1 Then
   Wscript.echo("User " & strUser & "Not Found - quitting")
   wscript.quit
End If
' Find the WMI representation of a particular Windows Account
For Each refItem in colWinAcc
   Set refSID = Services.Get("Win32_SID='" & refItem.SID & "'")
   ' Get the SID for the choosen Windows account.
Next
Set refTrustee = Services.Get("Win32_Trustee").spawnInstance_()
' Creates an instance of a Windows Security Trustee 
' (usually a user but anything with a SID I guess...)
With refTrustee
   .Domain = refSID.ReferencedDomainName
   .Name = refSID.AccountName
   .SID = refSID.BinaryRepresentation
   .SidLength = refSID.SidLength
   .SIDString = refSID.SID
End With
' Sets the trustee object up with the SID & all that malarkey 
' from the user object we have choosen to work on
Set ACE = Services.Get("Win32_Ace").SpawnInstance_
' Creates an instance of an Access Control Entry Object
' (this will be one entry on the access list on an object)
ACE.Properties_.Item("AccessMask") = 2032127
' This is full Control    ' This is full Control (bitflag) full list here: 
' http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/win32_ace.asp
ACE.Properties_.Item("AceFlags") = 3
' what to apply ACE to inc inhehitance 3 - means files & 
' folders get permssions & pass onto children
ACE.Properties_.Item("AceType") = 0
' 0=allow access 1=deny access
ACE.Properties_.Item("Trustee") = refTrustee
' Set the Trustee (user) that this Access control Entry will refer to.
SecDesc.Properties_.Item("DACL") = Array(ACE)
' Get the DACL property of the Security Descriptor object
' Add the ACE to the Dynamic Access Control List on the object (an array) 
' it will overwrite the old entries 
' unless you retreive & save 'em first & 
' add them to a big array with the new entry as well as 
' the old ones
Set Share = Services.Get("Win32_Share")
' Get a WMI share Object
Set InParam = Share.Methods_("Create").InParameters.SpawnInstance_()
' Create an instance of a WMI input Parameters object
InParam.Properties_.Item("Access") = SecDesc
' Set the Access Parameter to the Security Descriptor Object we configured above
InParam.Properties_.Item("Description") = strDesc
InParam.Properties_.Item("Name") = ShareName
InParam.Properties_.Item("Path") = FolderName
InParam.Properties_.Item("Type") = 0
Set outParams=Share.ExecMethod_("Create", InParam)

' Create the share with all the parameters we have set up
wscript.echo("OUT: " & outParams.returnValue)
If outParams.returnValue <> 0 Then
   wscript.echo("Failed to Create Share, return Code:" & outParams.returnValue)
Else
   wscript.echo("Folder " & Foldername & _
   " sucessfully shared as: " & sharename & " _
                 with FULL CONTROL Permissions for user " & strUser)
End If

The code above as listed on the Script Center.

Next, I had to strip out everything to do with working with the folders. Then, add a way to show the “refTrustee.* ” information, as you see in the next code listing.

strUser="David"      'User to Get SID For

Set  Services = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!\\.\root\cimv2")
' Connects to the WMI service with security privileges
Set SecDescClass = Services.Get("Win32_SecurityDescriptor")
' Need an instance of the Win32_SecurityDescriptor so we can create an instance of a 
' Security Descriptor.
Set SecDesc = SecDescClass.SpawnInstance_()
' Create an instance of a Security Descriptor.
Set colWinAcc = Services.ExecQuery("SELECT * _
FROM Win32_ACCOUNT WHERE Name='" & strUser & "'")
If colWinAcc.Count < 1 Then
   Wscript.echo("User " & strUser & "Not Found - quitting")
   wscript.quit
End If
' Find the WMI representation of a particular Windows Account
For Each refItem in colWinAcc
   Set refSID = Services.Get("Win32_SID='" & refItem.SID & "'")
   ' Get the SID for the choosen Windows account.
Next
Set refTrustee = Services.Get("Win32_Trustee").spawnInstance_()
' Creates an instance of a Windows Security Trustee 
' (usually a user but anything with a SID I guess...)
With refTrustee
   .Domain = refSID.ReferencedDomainName
   .Name = refSID.AccountName
   .SID = refSID.BinaryRepresentation
   .SidLength = refSID.SidLength
   .SIDString = refSID.SID
End With
' Sets the trustee object up with the SID & all that malarkey from the user object 
' we have choosen to work on

Wscript.echo "Domain Name: " & refTrustee.Domain
Wscript.echo "User Name: " & refTrustee.Name
strSID = Join(refTrustee.SID, ",")
         WScript.Echo "SID: " & strSID

Wscript.echo "SidLength: " & refTrustee.SidLength
Wscript.echo "SIDString: " & refTrustee.SIDString

The only thing you will have to change in the modified script to get it to work is the name of a user. You can also save it as a text file and load it into the Scriptomatic V2 to run it.

The output from the BUILTIN Administrators group looks like this:

Domain Name: BUILTIN
User Name: Administrators
SID: 1,2,0,0,0,0,0,5,32,0,0,0,32,2,0,0
SidLength: 16
SIDString: S-1-5-32-544

To me, one of the most interesting things is the way to handle the array of Bytes, the script used the join function to pull out all of the bytes.

strSID = Join(refTrustee.SID, ",") 
         WScript.Echo "SID: " & strSID

This does not work in VB.NET, you get a this function is not supported error.

Now the Conversion

Below is the VB.NET version of the stripped script above, I started by copying the script into a new project then adding the Imports and references, also adding Dim to a few lines and replace the WScript.Echo with a way to get the information to a multi-line Textbox.

Here is what the form looks like:

And here is the code behind the form:

Imports System.Management
Imports System.Management.Instrumentation
Imports System.Threading
Imports System
Imports System.IO
Imports System.Security
Imports System.Security.Permissions
Imports System.Text

Public Class Form1

    Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) _
                           Handles MyBase.Load
        Dim uan As Integer
        Dim usearcher As New ManagementObjectSearcher( _
                       "root\CIMV2", _
                       "SELECT * FROM Win32_UserAccount")

        For Each queryObj As ManagementObject In usearcher.Get()
            ComboBoxAllUsers.Items.Add(queryObj("Name"))

        Next
        lblUserNumber.Text = "Total Accounts Found: " & ComboBoxAllUsers.Items.Count
        uan = ComboBoxAllUsers.Items.Count
    End Sub

    Private Sub btnGetNfo_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) _
                                Handles btnGetNfo.Click
        Try
            'If ComboBoxAllUsers.SelectedItem = Nothing Then
            '    MsgBox("Please Select A User Name", 
            '    MsgBoxStyle.Information, "User Not Selected")
            'End If
            Dim strUser As String = ComboBoxAllUsers.SelectedItem.ToString
            Dim refSID As System.Object
            refSID = Nothing
            Dim Services = GetObject("winmgmts:{impersonationLevel=impersonate,_
                           (Security)}!\\.\root\cimv2")
            ' Connects to the WMI service with security privileges
            Dim SecDescClass = Services.Get("Win32_SecurityDescriptor")
            ' Need an instance of the Win32_SecurityDescriptor so we can create 
            ' an instance of a Security Descriptor.
            Dim SecDesc = SecDescClass.SpawnInstance_()
            ' Create an instance of a Security Descriptor.
            Dim colWinAcc = Services.ExecQuery_
            ("SELECT * FROM Win32_ACCOUNT WHERE Name='" & _
                            strUser & "'")
            If colWinAcc.Count < 1 Then
                MsgBox("User " & strUser & "Not Found ")

            End If
            ' Find the WMI representation of a particular Windows Account
            For Each refItem In colWinAcc
                refSID = Services.Get_
                ("Win32_SID='" & refItem.SID & "'")
                ' Get the SID for the choosen Windows account.
            Next
            Dim refTrustee = Services.Get("Win32_Trustee").spawnInstance_()
            ' Creates an instance of a Windows Security Trustee 
            ' (usually a user but anything with a SID I guess...)
            With refTrustee
                .Domain = refSID.ReferencedDomainName
                .Name = refSID.AccountName
                .SID = refSID.BinaryRepresentation
                .SidLength = refSID.SidLength
                .SIDString = refSID.SID
            End With
            ' Sets the trustee object up with the SID & all that malarkey from the 
            ' user object we have choosen to work on
            Dim strb As New StringBuilder
            Dim strsid As New StringBuilder
            Dim nstrSid As String
            Dim pSid As String
            For Each pSid In refTrustee.SID
                strsid.Append(pSid & ",")
            Next
            nstrSid = strsid.ToString

            strb.AppendLine("Domain Name: " & refTrustee.Domain)
            strb.AppendLine("User Name: " & refTrustee.Name)
            'strSID = Join(refTrustee.SID, ",")
            strb.AppendLine("SID: " & nstrSid)

            strb.AppendLine("SidLength: " & refTrustee.SidLength)
            strb.AppendLine("SIDString: " & refTrustee.SIDString)
            tbSidNFO.Text = strb.ToString

        Catch ex As Exception
            If ComboBoxAllUsers.SelectedItem = Nothing Then
                MsgBox("Please Select A User Name", _
                MsgBoxStyle.Information, "User Not Selected")
            Else
                MsgBox("An Error Has Occured : " & vbCrLf & ex.Message)
            End If

        End Try
    End Sub

    Private Sub lblAbout_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) _
                               Handles lblAbout.Click
        My.Forms.AboutBox1.Show()

    End Sub
End Class

The code for the above app only gets the local User Accounts it finds.

The way I handled the array of Bytes in VB.NET is with a foreach loop and a string builder. I’m not sure how others would do it but I kinda like the Stringbuilder now that I have learned how to use it. The other way I used to do it was in 1 long line and several “&” and “vbCrLf” mixed in. When you had several properties to pull out, then it got harder to read and handle the code even using line continuation.

This code below is the way to get the information to the text box from the original code.

Dim strb As New StringBuilder    'Stringbuilder to build the complete String to the Textbox
            Dim strsid As New StringBuilder  'Stringbuilder for the array of bytes
            Dim nstrSid As String            ' string to represent the complete array of bytes
            Dim pSid As String               ' string id to represent each byte in the foreach loop
            For Each pSid In refTrustee.SID
                strsid.Append(pSid & ",")  ' adds each byte 
                                    ' to a string and appends a Comma to each byte
            Next
            nstrSid = strsid.ToString

            strb.AppendLine("Domain Name: " & refTrustee.Domain)
            strb.AppendLine("User Name: " & refTrustee.Name)
            'strSID = Join(refTrustee.SID, ",")
            strb.AppendLine("SID: " & nstrSid)

            strb.AppendLine("SidLength: " & refTrustee.SidLength)
            strb.AppendLine("SIDString: " & refTrustee.SIDString)
            tbSidNFO.Text = strb.ToString

Let's jazz this up a bit and get the System and Group accounts also.

Here is what the final app looks like:

In this version, I added a group box and the 3 Radio Buttons inside of it for selecting the account type.

I then moved the code to get the names for the account type to its own sub. Then in the radio button on change event, calls the selected user type sub to fill the combo box.

Now the Final Code

Imports System.Management
Imports System.Management.Instrumentation
Imports System.Threading
Imports System
Imports System.IO
Imports System.Security
Imports System.Security.Permissions
Imports System.Text

Public Class Form1

    Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) _
        Handles MyBase.Load
        ComboBoxAllUsers.Items.Clear()
        Get_userAccount()

    End Sub

    Private Sub btnGetNfo_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) _
        Handles btnGetNfo.Click
        Try
            'If ComboBoxAllUsers.SelectedItem = Nothing Then
            '    MsgBox("Please Select A User Name", _
            MsgBoxStyle.Information, "User Not Selected")
            'End If
            Dim strUser As String = ComboBoxAllUsers.SelectedItem.ToString
            Dim refSID As System.Object
            refSID = Nothing
            Dim Services = GetObject("winmgmts:{impersonationLevel=impersonate,_
                           (Security)}!\\.\root\cimv2")
            ' Connects to the WMI service with security privileges
            Dim SecDescClass = Services.Get("Win32_SecurityDescriptor")
            ' Need an instance of the Win32_SecurityDescriptor 
            ' so we can create an instance of a Security Descriptor.
            Dim SecDesc = SecDescClass.SpawnInstance_()
            ' Create an instance of a Security Descriptor.
            Dim colWinAcc = Services.ExecQuery_
            ("SELECT * FROM Win32_ACCOUNT WHERE Name='" _
                            & strUser & "'")
            If colWinAcc.Count < 1 Then
                MsgBox("User " & strUser & "Not Found ")

            End If
            ' Find the WMI representation of a particular Windows Account
            For Each refItem In colWinAcc
                refSID = Services.Get("Win32_SID='" & refItem.SID & "'")
                ' Get the SID for the choosen Windows account.
            Next
            Dim refTrustee = Services.Get("Win32_Trustee").spawnInstance_()
            ' Creates an instance of a Windows Security Trustee 
            ' (usually a user but anything with a SID I guess...)
            With refTrustee
                .Domain = refSID.ReferencedDomainName
                .Name = refSID.AccountName
                .SID = refSID.BinaryRepresentation
                .SidLength = refSID.SidLength
                .SIDString = refSID.SID
            End With
            ' Sets the trustee object up with the SID & all that malarkey 
            ' from the user object we have choosen to work on
            Dim strb As New StringBuilder
            Dim strsid As New StringBuilder
            Dim nstrSid As String
            Dim pSid As String
            For Each pSid In refTrustee.SID
                strsid.Append(pSid & ",")
            Next
            nstrSid = strsid.ToString

            strb.AppendLine("Domain Name: " & refTrustee.Domain)
            strb.AppendLine("User Name: " & refTrustee.Name)
            'strSID = Join(refTrustee.SID, ",")
            strb.AppendLine("SID: " & nstrSid)

            strb.AppendLine("SidLength: " & refTrustee.SidLength)
            strb.AppendLine("SIDString: " & refTrustee.SIDString)
            tbSidNFO.Text = strb.ToString

        Catch ex As Exception
            If ComboBoxAllUsers.SelectedItem = Nothing Then
                MsgBox("Please Select A User Name", _
                MsgBoxStyle.Information, "User Not Selected")
            Else
                MsgBox("An Error Has Occured : " & vbCrLf & ex.Message)
            End If

        End Try
    End Sub

    Private Sub lblAbout_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) _
                               Handles lblAbout.Click
        My.Forms.AboutBox1.Show()
    End Sub

    Private Sub Get_userAccount()
        tbSidNFO.Clear()
        Dim uan As Integer
        Dim usearcher As New ManagementObjectSearcher( _
                       "root\CIMV2", _
                       "SELECT * FROM Win32_UserAccount")

        For Each queryObj As ManagementObject In usearcher.Get()
            ComboBoxAllUsers.Items.Add(queryObj("Name"))

        Next
        lblUserNumber.Text = "Total User Accounts Found: " & ComboBoxAllUsers.Items.Count
        uan = ComboBoxAllUsers.Items.Count
    End Sub
    Private Sub Get_GroupAccount()
        tbSidNFO.Clear()
        Dim uan As Integer
        Dim usearcher As New ManagementObjectSearcher( _
                       "root\CIMV2", _
                       "SELECT * FROM Win32_Group")

        For Each queryObj As ManagementObject In usearcher.Get()
            ComboBoxAllUsers.Items.Add(queryObj("Name"))

        Next
        lblUserNumber.Text = "Total Group Accounts Found: " & ComboBoxAllUsers.Items.Count
        uan = ComboBoxAllUsers.Items.Count
    End Sub
    Private Sub Get_SystemAccounts()
        tbSidNFO.Clear()

        Dim uan As Integer
        Dim usearcher As New ManagementObjectSearcher( _
                       "root\CIMV2", _
                       "SELECT * FROM Win32_SystemAccount")

        For Each queryObj As ManagementObject In usearcher.Get()
            ComboBoxAllUsers.Items.Add(queryObj("Name"))

        Next
        lblUserNumber.Text = "Total System Accounts Found: " & ComboBoxAllUsers.Items.Count
        uan = ComboBoxAllUsers.Items.Count
    End Sub

    Private Sub RadioButtonUserAccount_CheckedChanged(ByVal sender As System.Object, _
          ByVal e As System.EventArgs) _
          Handles RadioButtonUserAccount.CheckedChanged
        ComboBoxAllUsers.Items.Clear()  'Need to clear or the usernames will keep stacking up.
        ComboBoxAllUsers.Text = _
        "Please Select A User Account"  ' Changes the text property 
                                                  'you see before selecting a user name.
        Get_userAccount()     'Calls the sub for the account type.

    End Sub

    Private Sub RadioButtonGroupAccount_CheckedChanged(ByVal sender As System.Object, _
             ByVal e As System.EventArgs) Handles RadioButtonGroupAccount.CheckedChanged

        ComboBoxAllUsers.Items.Clear()
        ComboBoxAllUsers.Text = "Please Select A Group Account"
        Get_GroupAccount()

    End Sub

    Private Sub RadioButtonSystemAccount_CheckedChanged(ByVal sender As System.Object, _
         ByVal e As System.EventArgs) Handles RadioButtonSystemAccount.CheckedChanged

        ComboBoxAllUsers.Items.Clear()
        ComboBoxAllUsers.Text = "Please Select A System Account"
        Get_SystemAccounts()

    End Sub
End Class

Now that I can get several sample versions of the binary/array of bytes version of the SID, I can get back to the research of being able to do a conversion of a given binary SID and do the conversion without having access to the original system it came from.

The best source I could find that explained how the conversion works is (located here) at selfadsi.org Microsoft Security Descriptor(SID)Attributes.

So far, I can’t get the math & conversion to agree with what this program shows.

Conclusion

If you have access to the systems and have Admin Authority, then this should work for you as an easy way to get the binary and string form for an account. You may also want to check out another tool of mine called All User Account NFO (located here).

Located on my website with a link to download the program.

That’s it for now, hope everyone else learned as much as I did.

Please post any comments or questions.

I think I have figured out the comments control, maybe.

Reposting 11/19/2011 to try and get the RSS to pick it up.