Local Admin Group

J

Jasper Recto

Is there a way to see who is in the local admin group for each computer on
our network?

Thanks,
Jasper
 
L

Lanwench [MVP - Exchange]

Jasper Recto said:
Is there a way to see who is in the local admin group for each
computer on our network?

Thanks,
Jasper
Click to expand...

Not that I can think of, but you can *control* who is in it....use
restricted groups (group policy).

Try posting in m.p.windows.group_policy.
 
R

Richard Mueller [MVP]

Jasper Recto said:
Is there a way to see who is in the local admin group for each computer on
our network?

Thanks,
Jasper
Click to expand...

Here is an example VBScript program to enumerate the members of a local
group, such as the Administrators group:

http://www.rlmueller.net/Enumerate Local Group.htm

This program takes into account group nesting, both of local groups and
domain groups. The program is designed to run on the computer, but it can be
run remotely by assigning the NetBIOS name of the remote computer to the
variable strComputer. You could also enumerate the computers in an OU, or
the domain, or in a group, and incorporate the code in the link above to
enumerate the members of the local Administrators group on all computers.

For example, you could enumerate all members of the group "Domain
Computers". A simpler script that does not track down group nesting could be
similar to below:
=========
' Specify NetBIOS Names of group and domain.
strGroup = "Domain Computers"
strDomain = "Mydomain"

' Bind to "Domain Computers" group.
Set objGroup = GetObject("WinNT://" & strDomain & "/" & strGroup & ",group")

' Enumerate members of the group.
' These should all be computer objects.
For Each objComputer In objGroup.Members
' Retrieve NetBIOS name of computer.
strComputer = objComputer.Name
' Remove trailing "$" character.
strComputer = Left(strComputer, Len(strComputer) - 1)
Wscript.Echo "Computer: " & strComputer
' Bind to the local Administrators group.
' Trap possible error.
On Error Resume Next
Set objLocalAdm = GetObject("WinNT://" & strComputer &
"/Administrators,group")
If (Err.Number = 0) Then
' Enumerate direct members of the group.
For Each objMember In objLocalAdm.Members
Wscript.Echo "-- " & objMember.Name & " (" & objMember.Class &
")"
Next
Else
Wscript.Echo "-- <could not be contacted>"
End If
Next

=========
As with most administrative scripts, this should be run at a command prompt
using the cscript host program. You can redirect the output to a text file.
For example, if the above script is saved in a file called LocalAdm.vbs, you
could run the following command:

cscript //nologo LocalAdm.vbs > Admins.txt
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Local Admin Password 4
Adding network user to local admin group 1
Domain User can't login unless it has local Administrators right 0
XP Pro forgets security settings after logoff or reboot 1
Local Administrators Group 1
windows updates without admin rights 2
Resetting local administrator password 7
can not login local machine interactively. 3

Top