Re: Script needed: Users with Remote Access permissions on a server
- From: "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 14 Jan 2008 15:37:11 -0600
"eaguilar" <eaguilar@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:62352391-0004-4706-A6B3-4400EADDCD4E@xxxxxxxxxxxxxxxx
Does anybody have an idea how to write a vbs script to list all users with
Remote Access permissions on a server?
Microsoft's "Scripting guy" archive has a script that lists all users with
such permission, but it queries the domain controller for the full list:
<code>
objCommand.CommandText = _
"SELECT Name FROM 'LDAP://dc=fabrikam,dc=com' WHERE
objectCategory='user' " & "AND msNPAllowDialin = TRUE"
</code>
I need to query a particular server or list of servers.
Permissions for "Remote Desktop" and Terminal Services are for the domain,
not specific computers or servers. I believe a user must have
msNPAllowDialin set equal to TRUE and they must be members of the builtin
group "Remote Desktop Users". The later is a domain local group.
To access any machine remotely with WMI you must be a member of the local
Administrators group on the computer. By default when the computer is joined
to the domain the group "Domain Admins" is added to the local Administrators
group. If you need to enumerate all members of the local Administrators
group, you can use the script linked here:
http://www.rlmueller.net/Enumerate%20Local%20Group.htm
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
.
- Follow-Ups:
- Prev by Date: Re: open latest file
- Next by Date: Re: open latest file
- Previous by thread: Re: Move all computers with prefix
- Next by thread: Re: Script needed: Users with Remote Access permissions on a server
- Index(es):
Relevant Pages
|
