Searching for Users with Local Admin rights



Sorry if this is not the right board, but does anyone know of a way to
search computers on a domain to see which ones have users with local admin
accounts on them? We used to have a script that would search and output the
computer name and the username. Unfortunately, the person who wrote it is
gone and we can't find the script...and we're getting audited. I can't write
code to save my life, so there is a big part of the problem.




Steven L Umbach

There are a couple ways I can think of.

You could use the free utility psexec from SysInternals/Microsoft to run
against a list of computers in a file [using fully qualified domain name as
in] or the wildcard for all computers for the
command net localgroup administrators. ---

Probably about the best way I can think of is to use the free Microsoft
Baseline Security Analyzer tool. Install it on an admin workstation, log on as
a domain admin, and run it for a group of computers such as for the domain
or range of IP addresses and you can select only "check for Windows
administrative vulnerabilities". --- MBSA

Note that for either method to work, you need file and print sharing access to the
computers you want to audit. This is usually not a problem unless you have
the Windows Firewall enabled in the domain without the remote management and
file and print sharing exceptions for at least the admin workstation IP,
have disabled the server service on a computer, or disabled the default
administrative [C$ for example] shares on a computer.
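
Added example, not part of the original thread or written by either poster: once the output of `net localgroup administrators` has been captured for each computer (for instance from the psexec run described above), this Python script turns it into the computer name and username list the question asks for, and marks machines that returned no data. It assumes English-language command output; the computer names, accounts and the `EXPECTED` allowlist are constructed for illustration.

```python
import re

# Constructed sample of `net localgroup administrators` output per computer (names made up).
SAMPLE = {
    "PC-001": """Alias name     administrators
Comment        Administrators have complete and unrestricted access

Members

-------------------------------------------------------------------------------
Administrator
CORP\\Domain Admins
CORP\\jsmith
The command completed successfully.
""",
    "PC-002": "System error 5 has occurred.\n\nAccess is denied.\n",  # query failed
}

# Assumption: members expected on every machine (site-specific, lower-case).
EXPECTED = {"administrator", "corp\\domain admins"}
SEPARATOR = re.compile(r"^-{5,}\s*$")


def parse_members(output):
    """Return the members listed after the dashed line, or None if absent."""
    lines = [line.strip() for line in output.splitlines()]
    start = next((i for i, l in enumerate(lines) if SEPARATOR.match(l)), None)
    if start is None:
        return None  # the command failed, so there is no member section
    members = []
    for line in lines[start + 1:]:
        if line.lower().startswith("the command completed"):
            break
        if line:
            members.append(line)
    return members


def audit(outputs, expected=EXPECTED):
    """Return (computer, member, status) rows, sorted by computer name."""
    rows = []
    for computer in sorted(outputs):
        members = parse_members(outputs[computer])
        if members is None:
            rows.append((computer, "", "NO_DATA"))  # follow up: firewall, shares, rights
        for m in members or []:
            rows.append((computer, m, "expected" if m.lower() in expected else "REVIEW"))
    return rows

if __name__ == "__main__":
    print("\n".join(",".join(row) for row in audit(SAMPLE)))
```

Rows marked `NO_DATA` are machines where the command did not return a member list, which matches the file and print sharing, firewall and administrative share conditions noted in the reply above.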

