Rights on computer objects through AD

Solo

Hi,

Is there a script that I can use through Active Directory that would tell me
which users have administrator rights on their machines? I was thinking
along the lines of the output being a text file with each administrator group
being listed and the members of that group listed for each machine.

Any suggestions welcome.
Thanks in advance,
S.
 
Chris Malone

Const ForReading = 1, ForWriting = 2, ForAppending = 8

Dim strUserName

Set oShell = CreateObject("wscript.shell")
Set oFSO = CreateObject("Scripting.FileSystemObject")
Set OutputFile = oFSO.CreateTextFile("FindUserinLocalAdmins.txt", True)
Set InputFile = oFSO.OpenTextFile("ComputerNameList.txt", ForReading)

strUserName = Trim(InputBox("Enter name of user: ", "LocalAdmin_Find"))

Do While InputFile.AtEndOfStream <> True
    ReadLineTextFile = Trim(InputFile.ReadLine)
    ' Re-issuing On Error Resume Next also resets Err for this computer
    On Error Resume Next
    Set objWMIService = GetObject("winmgmts:\\" & ReadLineTextFile & "\root\cimv2")
    If Err.Number <> 0 Then
        OutputFile.WriteLine "Error connecting to WMI on " & ReadLineTextFile
    Else
        ' Drop the previous computer's group so a failed bind cannot reuse it
        Set oGroup = Nothing
        Set oGroup = GetObject("WinNT://" & ReadLineTextFile & "/Administrators,group")
        If Err.Number <> 0 Then
            OutputFile.WriteLine "Error reading Administrators group on " & ReadLineTextFile
        Else
            For Each item In oGroup.Members
                OutputFile.WriteLine item.Name
                ' Account names are not case-sensitive, so ignore case when comparing
                If StrComp(item.Name, strUserName, vbTextCompare) = 0 Then
                    OutputFile.WriteLine "User is a member of local admins on " & ReadLineTextFile
                End If
            Next
        End If
    End If
Loop

InputFile.Close
OutputFile.Close

' The "ComputerNameList.txt" file will contain a list of computer names to check
 
Solo

Hi Chris,

Thanks for your reply. I'm wondering if you could explain the below script
in a little more detail as I am not that hot with scripts...
A few questions if you please.

How do I run this script against Active Directory? Do I run this locally
or does it need to reside elsewhere?
I assume I save the script as (eg) .vbs?

thanks again
 
Tim.Olsen

S,

The directory doesn't store that information.

What Chris' script does is this:
You provide a username in a dialog box.
You provide a list of machines in a file called (ComputerNameList.txt)
The script reaches out to each machine on the list and searches the
local admin group for the username you entered in the prompt. If it
finds a match, it notes it in a file called
FindUserinLocalAdmins.txt

Basically, each run of the script searches lots of machines for a
single ID.

With a small tweak you could list all the administrator accounts for
all the machines in your list. Is that what you're looking to do?

Tim Olsen
 
Solo

Hi Tim,

I can provide a list of machine names, but I don't want to enter a single
ID. So, you were saying about listing all the administrator accounts for the
machines listed in a text file. That would be perfect. Can you tweak the
script to offer that?

thanks for help
S.
 
Tim.Olsen

Here you go... be careful with line wrap when you paste it into your
editor.


' Lists local admins
' Requires ComputerNameList.txt: a list of computers, one per line,
' no blank lines, no trailing spaces.
' Creates FindUserinLocalAdmins.txt: a list of all the admins on each
' machine in ComputerNameList.txt
'
' With apologies to Chris Malone, the original author.

On Error Resume Next
Const ForReading = 1, ForWriting = 2, ForAppending = 8

Set oShell = CreateObject("wscript.shell")
Set oFSO = CreateObject("Scripting.FileSystemObject")
Set OutputFile = oFSO.CreateTextFile("FindUserinLocalAdmins.txt", True)
Set InputFile = oFSO.OpenTextFile("ComputerNameList.txt", ForReading)

' Read the input file in its entirety, convert it into an array
ListofMachines = Split(InputFile.ReadAll, vbCrLf)

For Each strComputername In ListofMachines
    ' Skip empty entries, such as the one left by a trailing line break
    If Trim(strComputername) <> "" Then
        ' Clear any earlier error so it is not blamed on this machine
        Err.Clear
        ' See if the machine is ~online:
        Set objWMIService = GetObject("winmgmts:\\" & strComputername & "\root\cimv2")
        If Err.Number <> 0 Then
            ' It's not available so log it. The first line logs to a file,
            ' the second to the screen.
            OutputFile.WriteLine "Error connecting to WMI on " & strComputername
            WScript.StdOut.WriteLine "Error connecting to WMI on " & strComputername
        Else
            OutputFile.WriteLine strComputername & " Administrators:"
            WScript.StdOut.WriteLine strComputername
            ' Use the ADSI WinNT provider to connect to the machine's admin group.
            ' Reset first so a failed bind cannot list the previous machine's group.
            Set oGroup = Nothing
            Err.Clear
            Set oGroup = GetObject("WinNT://" & strComputername & "/Administrators,group")
            If Err.Number <> 0 Then
                OutputFile.WriteLine "Error reading Administrators group on " & strComputername
            Else
                ' Dump out each admin name
                For Each member In oGroup.Members
                    OutputFile.WriteLine vbTab & member.Name
                    WScript.StdOut.WriteLine vbTab & member.Name
                Next
            End If
        End If
    End If
Next

InputFile.Close
OutputFile.Close
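
Added example, not part of the thread: once the list-all-admins script above has written FindUserinLocalAdmins.txt, a short Python check can compare each machine's listing against an expected baseline and show which machines were never audited. The baseline set, the sample report and the function names are assumptions made for illustration.

```python
# Added example: audit the report written by the thread's last script.
EXPECTED_ADMINS = {"administrator", "domain admins"}  # assumption: site baseline
SAMPLE_REPORT = (  # constructed sample in the script's output layout
    "PC01 Administrators:\n"
    "\tAdministrator\n"
    "\tDomain Admins\n"
    "\tjsmith\n"
    "Error connecting to WMI on PC02\n"
    "PC03 Administrators:\n"
    "\tAdministrator\n"
    "\tDomain Admins\n"
    "PC04 Administrators:\n"
)
ERROR_PREFIX = "Error connecting to WMI on "
HEADER_SUFFIX = " Administrators:"


def parse_report(text):
    """Return ({computer: [members]}, [computers WMI could not reach])."""
    admins, unreachable, current = {}, [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if raw.startswith("\t") and current is not None:
            admins[current].append(line.strip())
        elif line.startswith(ERROR_PREFIX):
            unreachable.append(line[len(ERROR_PREFIX):])
            current = None
        elif line.endswith(HEADER_SUFFIX):
            current = line[: -len(HEADER_SUFFIX)]
            admins[current] = []
    return admins, unreachable


def unexpected_admins(admins, expected=EXPECTED_ADMINS):
    """Members outside the baseline, per computer (case-insensitive)."""
    found = {c: [m for m in ms if m.lower() not in expected]
             for c, ms in admins.items()}
    return {c: extra for c, extra in found.items() if extra}


def not_audited(admins, unreachable):
    """Unreachable computers plus those whose group listing came back empty."""
    return unreachable + [c for c, ms in admins.items() if not ms]


if __name__ == "__main__":
    admins, unreachable = parse_report(SAMPLE_REPORT)
    print("Review:", unexpected_admins(admins))
    print("Not audited:", not_audited(admins, unreachable))
```

The names in the report come from the WinNT provider's Name property, which omits the domain, so a local account and a domain account with the same name look identical in this check.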
 
