check user groups

powtrix · Jul 11, 2007

Hi,
is possible to verify if an user is in administrators group, ex.:

IF %username% "isin" "%COMPUTERNAME%\Administrators" do (
...
)
or "DOMAIN\Domain Admins"..

Because I want to run some commands at netlogon script only if the
user is a local administrator.
thank you.

Matt Williamson · Jul 11, 2007

Hi,

is possible to verify if an user is in administrators group, ex.:

IF %username% "isin" "%COMPUTERNAME%\Administrators" do (
...
)
or "DOMAIN\Domain Admins"..

Because I want to run some commands at netlogon script only if the
user is a local administrator.
thank you.

There is a utility IFMEMBER that does what you're looking for. Search the MS
website for it.

Al Dunbar · Jul 12, 2007

Matt Williamson said:
There is a utility IFMEMBER that does what you're looking for. Search the
MS website for it.

Note that the IFMEMBER utility may only test for an account's direct
membership, whereas actual administratorship can be inherited through group
nesting but not be detectable by IFMEMBER.

/Al

powtrix · Jul 12, 2007

found a way that works without addon

@echo off
net localgroup administradores | find /i "%username%"
if "%errorlevel%"=="1" (
echo usuario "%username%" NON eh administrador
goto:eof
) else (
echo usuario "%username%" eh administrador
call \\server\netlogon\updates.cmd
)

notes:
users/groups are in portuguese as well.

tks ^D

Al Dunbar · Jul 14, 2007

powtrix said:
found a way that works without addon

@echo off
net localgroup administradores | find /i "%username%"
if "%errorlevel%"=="1" (
echo usuario "%username%" NON eh administrador
goto:eof
) else (
echo usuario "%username%" eh administrador
call \\server\netlogon\updates.cmd
)

This will certainly flag any user that is a direct member of the
administrators group, however, it will miss anyone who is a member of a
domain group that is a member of administrators. It will also register false
positives. Here is the output from my own computer:

C:\Documents and Settings\Al>net localgroup administrators
Alias name administrators
Comment Administrators have complete and unrestricted access to
the compu
ter/domain

Members

-------------------------------------------------------------------------------
Administrator
admAl
The command completed successfully.

Given that my normal account is Al and my admin account is admAl, both will
appear to be administrators. Also, usernames such as Ali, Strat, men, mem,
comma, sfu, and etc will also be falsely flagged as administrator when
clearly they are not (at least not on my machine).

/Al

powtrix · Jul 19, 2007

yes, this is fine for me:

:ADMLOCAL
NET LOCALGROUP Administradores | FIND /I "%USERNAME%" > NUL && GOTO
INI || GOTO ADMDOM

:ADMDOM
NET GROUP "Domain Admins" /DOMAIN | FIND /I "%USERNAME%" > NUL && GOTO
INI || GOTO :EOF

:INI
echo admin user active [%username%].

tks__
powtrix

net localgroup fails but returns exit status 0	8	Dec 9, 2003
wierd batch file behavior	3	May 30, 2007
Remove users from local groups	5	Apr 21, 2006
Restricted Groups Problem	3	Apr 2, 2005
Can't delete a user profile	2	Jul 18, 2007
Batch File as Login Script	2	Feb 18, 2005
Users & Groups	1	Mar 20, 2008
Check my script	8	Feb 4, 2005

check user groups

powtrix

Matt Williamson

Al Dunbar

powtrix

Al Dunbar

powtrix

Ask a Question

Similar Threads