Re: VBScript to verify if user is local admin



I believe the script posted using WMI addresses one complication with the
task of determining who has administrative rights on a computer, which is
that the local Administrators group can be renamed. The script finds the
group using the "well-known SID". However, it still does not reveal
membership due to nesting. Both scripts, the one by the original poster, and
the WMI script, only reveal direct membership.

I have a sample VBScript program linked here that attempts to determine
membership in a local group, including due to nesting, both of local groups
and nesting of domain groups. The program is linked here:

http://www.rlmueller.net/IsMember9.htm

This program reveals membership in any local group, but if the local
Administrators group is renamed, you have to know that. The task is not
easy.

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--

"Fredrik Wall" <wall.fredrik@xxxxxxxxx> wrote in message
news:B1350D1F-676F-4B50-8612-A914DD7A85B1@xxxxxxxxxxxxxxxx
Hi,

I think this script can help you:

Dim strUser

Set objNetwork = CreateObject("Wscript.Network")

strComputer = objNetwork.ComputerName

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

' Locate the local Administrators group by its well-known SID.
Set colAccounts = objWMIService.ExecQuery _
    ("Select * From Win32_Group Where LocalAccount = TRUE And SID = 'S-1-5-32-544'")

For Each objAccount in colAccounts

    strUser = "testuser"

    Set objGroup = GetObject("WinNT://" & strComputer & "/" & objAccount.Name)
    ' Direct members of the group only.
    For Each objUser in objGroup.Members
        Wscript.Echo objUser.Name
        If objUser.Name = strUser Then
            wscript.echo strUser & " is a local administrator."
        End If
    Next

Next


"Flash08" <stuart.karp@xxxxxxxxx> wrote in message
news:1174687820.364368.24540@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi all,

I wrote a script to verify if a user is a local admin or not, however
right now it only works if the username is a local admin. If the
username is part of a group that's a local admin it does not work.

Here's my script:

Dim strUser
Set objNetwork = CreateObject("Wscript.Network")

strComputer = objNetwork.ComputerName
strUser = "testuser"

Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
For Each objUser in objGroup.Members
    Wscript.Echo objUser.Name
    If objUser.Name = strUser Then
        Msgbox strUser & " is a local administrator."
    End If
Next


I also don't like the fact that it only checks the username and not
the domain as well. If someone knows how to do that I'd appreciate it
as well. So if testuser was a member of the Administrators group it
would work. However if testuser was a member of a group called
testGroup and testGroup was an Administrator on this machine it would
not work.

Does anyone know a better way to verify if a user account is a local
admin on a machine? Thanks.
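
An added example, not code from any poster in this thread and not the program linked above: it combines the two points raised here by finding the Administrators group through the well-known SID and then walking into member groups, comparing the full AUTHORITY\name rather than the bare user name. Assumptions: the TARGET account name is a placeholder, member groups can be enumerated through the WinNT provider (nesting that the provider does not expose is not found), and there is no error handling, so a member group that cannot be enumerated stops the script.

```vbscript
Option Explicit
' Added example. TARGET is a placeholder; use COMPUTERNAME\name for a local account.
Const TARGET = "MYDOMAIN\testuser"

Dim objNetwork, strComputer, objWMI, colGroups, objWmiGroup, objAdmins, dictSeen
Set objNetwork = CreateObject("Wscript.Network")
strComputer = objNetwork.ComputerName
Set dictSeen = CreateObject("Scripting.Dictionary")
dictSeen.CompareMode = vbTextCompare

' Find the group by well-known SID so a renamed Administrators group still works.
Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colGroups = objWMI.ExecQuery( _
    "Select * From Win32_Group Where LocalAccount = TRUE And SID = 'S-1-5-32-544'")
For Each objWmiGroup In colGroups
    Set objAdmins = GetObject("WinNT://" & strComputer & "/" & objWmiGroup.Name & ",group")
    If InGroup(objAdmins, TARGET) Then
        WScript.Echo TARGET & " is a local administrator."
    Else
        WScript.Echo TARGET & " was not found in " & objWmiGroup.Name & "."
    End If
Next

' Returns True if strAccount ("AUTHORITY\name") is a member of objGroup,
' directly or through member groups. dictSeen stops loops between groups.
Function InGroup(objGroup, strAccount)
    Dim objMember, arrParts, strName
    InGroup = False
    If dictSeen.Exists(objGroup.ADsPath) Then Exit Function
    dictSeen.Add objGroup.ADsPath, True
    For Each objMember In objGroup.Members
        ' ADsPath ends in .../AUTHORITY/name; keep the last two parts.
        arrParts = Split(objMember.ADsPath, "/")
        strName = objMember.Name
        If UBound(arrParts) >= 3 Then strName = arrParts(UBound(arrParts) - 1) & "\" & strName
        If StrComp(strName, strAccount, vbTextCompare) = 0 Then
            InGroup = True
            Exit Function
        ElseIf LCase(objMember.Class) = "group" Then
            If InGroup(objMember, strAccount) Then
                InGroup = True
                Exit Function
            End If
        End If
    Next
End Function
```

Run it with cscript.exe so the result goes to the console instead of a message box.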

