:py:mod:`dissect.target.plugins.os.windows.ual`
===============================================

.. py:module:: dissect.target.plugins.os.windows.ual




Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.windows.ual.UalPlugin




Attributes
~~~~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.windows.ual.ClientAccessRecord
   dissect.target.plugins.os.windows.ual.RoleAccessRecord
   dissect.target.plugins.os.windows.ual.VirtualMachineRecord
   dissect.target.plugins.os.windows.ual.DomainSeenRecord
   dissect.target.plugins.os.windows.ual.SystemIdentityRecord
   dissect.target.plugins.os.windows.ual.FIELD_NAME_MAP


.. py:data:: ClientAccessRecord

.. py:data:: RoleAccessRecord

.. py:data:: VirtualMachineRecord

.. py:data:: DomainSeenRecord

.. py:data:: SystemIdentityRecord

.. py:data:: FIELD_NAME_MAP

.. py:class:: UalPlugin(target: dissect.target.target.Target)

   Bases: :py:obj:`dissect.target.plugin.Plugin`


   Return all available User Access Log information.

   User Access Logging (UAL) is a logging system that aggregates client usage data by role and products on a local
   server. It helps Windows server administrators to quantify requests from client computers for roles and services on
   a local server.

   .. rubric:: References

   - https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh849634%28v=ws.11%29


   .. py:attribute:: __namespace__
      :value: 'ual'


      Defines the plugin namespace.


   .. py:attribute:: LOG_DB_GLOB
      :value: '%windir%/System32/LogFiles/Sum/*.mdb'



   .. py:attribute:: IDENTITY_DB_FILENAME
      :value: 'SystemIdentity.mdb'



   .. py:attribute:: IDENTITY_DB_PATH
      :value: '%windir%/System32/LogFiles/Sum/SystemIdentity.mdb'



   .. py:attribute:: mdb_paths


   .. py:attribute:: role_guid_map


   .. py:attribute:: identity_db_parser
      :value: None



   .. py:method:: check_compatible() -> None

      Perform a compatibility check with the target.

      This function should return ``None`` if the plugin is compatible with the current target (``self.target``).
      For example, check if a certain file exists. Otherwise it should raise an
      :class:`UnsupportedPluginError`.

      :raises UnsupportedPluginError: If the plugin could not be loaded.



   .. py:method:: find_mdb_files() -> list[pathlib.Path]


   .. py:method:: populate_role_guid_map() -> None


   .. py:method:: read_table_records(table_name: str) -> collections.abc.Iterator[tuple[pathlib.Path, dict[str, Any]]]


   .. py:method:: client_access() -> collections.abc.Iterator[ClientAccessRecord]

      Return client access data within the User Access Logs.



   .. py:method:: role_access() -> collections.abc.Iterator[RoleAccessRecord]

      Return role access data within the User Access Logs.



   .. py:method:: virtual_machines() -> collections.abc.Iterator[VirtualMachineRecord]

      Return virtual machine data within the User Access Logs.



   .. py:method:: domains_seen() -> collections.abc.Iterator[DomainSeenRecord]

      Return DNS data within the User Access Logs.



   .. py:method:: system_identities() -> collections.abc.Iterator[SystemIdentityRecord]

      Return system identity data within the User Access Logs.