Re: Script needed: Users with Remote Access permissions on a server


"Richard Mueller [MVP]" <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx> wrote in
message news:%23FDMkWvVIHA.4740@xxxxxxxxxxxxxxxxxxxxxxx

"eaguilar" <eaguilar@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:62352391-0004-4706-A6B3-4400EADDCD4E@xxxxxxxxxxxxxxxx
Does anybody have an idea how to write a vbs script to list all users
with
Remote Access permissions on a server?

Microsoft's "Scripting guy" archive has a script that lists all users
with
such permission, but it queries the domain controller for the full list:

<code>
objCommand.CommandText = _
"SELECT Name FROM 'LDAP://dc=fabrikam,dc=com' WHERE
objectCategory='user' " & "AND msNPAllowDialin = TRUE"
</code>

I need to query a particular server or list of servers.

Permissions for "Remote Desktop" and Terminal Services are for the domain,
not specific computers or servers. I believe a user must have
msNPAllowDialin set equal to TRUE and they must be members of the builtin
group "Remote Desktop Users". The later is a domain local group.

As I understand it, msNPAllowDialin is not required to access a system using
RDP, only to achieve a dialup connection into the network. And if you can
dialin to a computer, I do not think you need to have "remote desktop"
permission, unless you are actually going to use RDP.

In order to RDP to my own workstation, I had to enable remote access (my
computer - properties - remote - allow users to connect remotely to this
computer) and add my domain account to the "Remote Desktop Users" group
local to the workstation (i.e. not a domain group).

/Al

To access any machine remotely with WMI you must be a member of the local
Administrators group on the computer. By default when the computer is
joined to the domain the group "Domain Admins" is added to the local
Administrators group. If you need to enumerate all members of the local
Administrators group, you can use the script linked here:

http://www.rlmueller.net/Enumerate%20Local%20Group.htm

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--




.

Relevant Pages

  • Re: RWW
    ... the only difference is the NTFS permissions on the ... In fact the metabase need password only when restore to local server. ... The problem may be caused by corrupt Remote virtual directory, ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • RE: COM+ catalog error ?
    ... I logged on to another server and added the ... looking at local permissions, not permissions from the remote bad server. ... local server was listed under launch. ...
    (microsoft.public.windows.server.general)
  • Re: RWW - Local Policy connect to desktop issue
    ... Profile tab of user properties prior to the installation of Windows Server ... SP1 servers show 'deny this user permissions to log on to any terminal ... 'Allow logon to terminal server' and it is checked. ... Remote Desktop Users ...
    (microsoft.public.windows.server.sbs)
  • Re: Script needed: Users with Remote Access permissions on a server
    ... Remote Access permissions on a server? ... Microsoft's "Scripting guy" archive has a script that lists all users with ... I need to query a particular server or list of servers. ... Microsoft MVP Scripting and ADSI ...
    (microsoft.public.scripting.vbscript)
  • Re: Server01 and Server02
    ... was somethin like you must have Terminal Server ... Permissions in or to access this server. ... the TS server's *local* Remote Desktop Users group? ... required domain groupto the Remote Desktop Users ...
    (microsoft.public.windows.terminal_services)