Re: Listing Users that are Part of the Local Administrator Group



RayRay wrote:

> I'm trying to find/write a script that can return the members of the Local
> Administrator group on Win 2K/XP machines. I have an active directory 2003
> domain environment and basically want to be able to generate a text file that
> lists the computers in my domain with the Domain users that belong to those
> computers' local Administrator group. Very new to Windows scripting, and I
> can't figure out how to pull the users from the local administrator group.
> I'm thinking I need to use WMI which is new to me as well. Any help is most
> appreciated.

I've used a script similar to below to document the local Administrators
group on a PC remotely:

Option Explicit
Dim objGroup, strComputer

strComputer = "Delaware"

' Bind to the local Administrators group on the remote computer.
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
Wscript.Echo "Members of local Administrators group on computer " & strComputer
Call EnumGroup(objGroup, "")

' Echo each member of the group, recursing into nested groups.
Sub EnumGroup(objGroup, strOffset)
    Dim objMember
    For Each objMember In objGroup.Members
        Wscript.Echo strOffset & objMember.Name & " (" & objMember.Class & ")"
        If (objMember.Class = "Group") Then
            Call EnumGroup(objMember, strOffset & "--")
        End If
    Next
End Sub

The program documents all members of the group, local and domain, users and
groups. The recursive subroutine handles group nesting, so it reveals
everyone with admin rights on the machine. The variable strOffset indents
the output to show the hierarchy of any nesting. This snippet could be
modified to loop through all computer objects in AD. For example, using the
same subroutine as above:

Option Explicit
Dim objDomain, objComputer, objGroup

' Requires the EnumGroup subroutine from the first script.
Wscript.Echo "Members of local Administrators group on each computer"
Set objDomain = GetObject("WinNT://MyDomain")
objDomain.Filter = Array("computer")
For Each objComputer In objDomain
    ' Trap the bind error so an unreachable computer does not stop the run.
    On Error Resume Next
    Set objGroup = GetObject("WinNT://" & objComputer.Name & "/Administrators,group")
    If (Err.Number <> 0) Then
        On Error GoTo 0
        Wscript.Echo "Computer: " & objComputer.Name & " - Not available"
    Else
        On Error GoTo 0
        Wscript.Echo "Computer: " & objComputer.Name
        Call EnumGroup(objGroup, "--")
    End If
Next

The error trapping is needed to handle any computers not running. You would
run the script at a command prompt with the cscript host and redirect the
output to a text file. If the VBScript is called DocumentLocalAdmins.vbs:

cscript //nologo DocumentLocalAdmins.vbs > report.txt

A final refinement is to use Torgeir Bakken's IsConnectible function to ping
each computer before attempting to bind to the group object. This prevents
the long timeout if the machine is unavailable. That code, plus Torgeir's
similar code for this problem is at this link:

http://groups-beta.google.com/group/microsoft.public.windowsxp.wmi/browse_thread/thread/87807ab58dc0ee3a/366e0daf1e8bca65?q=IsConnectible+group:microsoft.public.*+author:Torgeir+author:Bakken&rnum=7&hl=en#366e0daf1e8bca65

--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab web site - http://www.rlmueller.net
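
An added example, not part of Richard's post and not Torgeir Bakken's IsConnectible code: one way to do the ping pre-check described above, using the Win32_PingStatus WMI class on the machine that runs the script (that machine needs Windows XP or Server 2003 or later). The function name IsReachable, the 750 ms timeout and the domain name MyDomain are assumptions made for this example; EnumGroup repeats the subroutine from the post so the script runs on its own.

```vbscript
Option Explicit
Dim objDomain, objComputer, objGroup

Set objDomain = GetObject("WinNT://MyDomain")   ' placeholder domain, as in the post
objDomain.Filter = Array("computer")
For Each objComputer In objDomain
    If Not IsReachable(objComputer.Name, 750) Then
        Wscript.Echo "Computer: " & objComputer.Name & " - No ping reply"
    Else
        On Error Resume Next
        Set objGroup = GetObject("WinNT://" & objComputer.Name & "/Administrators,group")
        If (Err.Number <> 0) Then
            ' Host answers ping but the bind failed; report the error code.
            Wscript.Echo "Computer: " & objComputer.Name & " - Bind failed (0x" & Hex(Err.Number) & ")"
            On Error GoTo 0
        Else
            On Error GoTo 0
            Wscript.Echo "Computer: " & objComputer.Name
            Call EnumGroup(objGroup, "--")
        End If
    End If
Next

' True if strHost answers one ICMP echo within lngTimeoutMs milliseconds.
' No error trapping here: a local WMI failure should stop the run rather
' than mark every host as unreachable.
Function IsReachable(strHost, lngTimeoutMs)
    Dim objWMI, colPings, objPing
    IsReachable = False
    Set objWMI = GetObject("winmgmts:\\.\root\cimv2")
    Set colPings = objWMI.ExecQuery("SELECT StatusCode FROM Win32_PingStatus " & _
        "WHERE Address = '" & Replace(strHost, "'", "") & "' AND Timeout = " & CLng(lngTimeoutMs))
    For Each objPing In colPings
        ' StatusCode is Null when the name cannot be resolved and 0 on a reply.
        If Not IsNull(objPing.StatusCode) Then
            If objPing.StatusCode = 0 Then IsReachable = True
        End If
    Next
End Function

' Recursive enumeration, same logic as the subroutine in the post.
Sub EnumGroup(objGroup, strOffset)
    Dim objMember
    For Each objMember In objGroup.Members
        Wscript.Echo strOffset & objMember.Name & " (" & objMember.Class & ")"
        If (objMember.Class = "Group") Then
            Call EnumGroup(objMember, strOffset & "--")
        End If
    Next
End Sub
```

A computer that blocks ICMP is reported as "No ping reply" even though the bind might have succeeded, so treat that line in the report as "not checked" rather than as a clean result.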