Re: List users in local administrators group on remote machine



Nick wrote:


I am looking to manage all desktops on our network with regard to the local
administrators group. There are several things I am looking to accomplish:

1. list all users (domain and local) in local administrators group on
   multiple remote computers
2. remove user from local administrators group on remote computer
3. add domain user account to local administrators group on remote computer
4. remove local user account from remote computer
5. Report on current members of the local administrators group.

Any assistance you can provide would be greatly appreciated.
We have .Net software if that would be the best way to tackle this but I am
not sure which way to go.

I have an example VBScript program that enumerates all members of local
Administrators group linked here:

http://www.rlmueller.net/Enumerate%20Local%20Group.htm

The program handles membership due to nested local and domain groups. In
VBScript you use the WinNT provider with local objects. To add and/or remove
users (or groups) from a local group use code similar to below. With the
steps that check for direct membership (does not reveal membership due to
group nesting), you may not need to enumerate membership:
=========
' Specify NetBIOS name of computer.
strComputer = "Test001"

' Specify NetBIOS name of domain.
strDomain = "MyDomain"

' Bind to local Administrators group on remote computer.
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")

' Add a local user to the group.
' Check first if they are already a direct member.
Set objLocalUser = GetObject("WinNT://" & strComputer & "/JimSmith,user")
If (objGroup.IsMember(objLocalUser.AdsPath) = False) Then
    objGroup.Add objLocalUser.AdsPath
End If

' Add a domain user to the group.
' Check first if they are already a direct member.
Set objDomainUser = GetObject("WinNT://" & strDomain & "/JimSmith,user")
If (objGroup.IsMember(objDomainUser.AdsPath) = False) Then
    objGroup.Add objDomainUser.AdsPath
End If

' Remove local user from group.
' Check first that they are a direct member.
Set objLocalUser = GetObject("WinNT://" & strComputer & "/RogerJones,user")
If (objGroup.IsMember(objLocalUser.AdsPath) = True) Then
    objGroup.Remove objLocalUser.AdsPath
End If

' Remove domain user from group.
Set objDomainUser = GetObject("WinNT://" & strDomain & "/RogerJones,user")
' Check first that they are a direct member.
If (objGroup.IsMember(objDomainUser.AdsPath) = True) Then
    objGroup.Remove objDomainUser.AdsPath
End If
==========
All of this can be done remotely, as long as your account is a member of the
local Administrators group. By default the group Domain Admins is a member
of the local Administrators group when the computer is joined to the domain.

You can read NetBIOS computer names from a text file and run code similar to
above in a loop. In brief:
=========
Const ForReading = 1
' Specify text file of NetBIOS names of computers.
strFile = "c:\Scripts\Computers.txt"

' Open file for read access.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strFile, ForReading)

' Read names from file.
Do Until objFile.AtEndOfStream
    strComputer = Trim(objFile.ReadLine)
    ' Skip blank lines.
    If (strComputer <> "") Then
        ' Process this computer.
        ' ...
    End If
Loop

' Clean up.
objFile.Close
==========
--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
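
The reporting step (items 1 and 5 of the question) combined with the file loop above, as an added example that is not part of the original post and is not the program linked from it. It lists direct members only; the Local/Domain/UnresolvedSID classification by AdsPath shape is an assumption of this example.

```vbscript
Option Explicit
Const ForReading = 1
Dim objFSO, objFile, objGroup, objMember, strComputer, strScope

Set objFSO = CreateObject("Scripting.FileSystemObject")
' Same list of NetBIOS computer names as in the post.
Set objFile = objFSO.OpenTextFile("c:\Scripts\Computers.txt", ForReading)

' CSV header. Run with cscript.exe and redirect output to a file.
Wscript.Echo "Computer,Scope,Class,AdsPath"

Do Until objFile.AtEndOfStream
    strComputer = Trim(objFile.ReadLine)
    If (strComputer <> "") Then
        ' An unreachable computer or "access denied" must not stop the run.
        On Error Resume Next
        Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
        If (Err.Number <> 0) Then
            Wscript.Echo strComputer & ",ERROR,,0x" & Hex(Err.Number)
        Else
            For Each objMember In objGroup.Members
                ' Assumption: classify by the shape of the AdsPath.
                ' Local accounts carry the computer name in the path;
                ' unresolved (orphaned) members show up as a bare SID.
                ' Everything else, including well-known principals,
                ' is reported as "Domain".
                If (InStr(1, objMember.AdsPath, "/" & strComputer & "/", vbTextCompare) > 0) Then
                    strScope = "Local"
                ElseIf (UCase(Left(objMember.Name, 4)) = "S-1-") Then
                    strScope = "UnresolvedSID"
                Else
                    strScope = "Domain"
                End If
                ' Class "Group" marks a nested group: its members are
                ' administrators too but are not expanded here.
                Wscript.Echo strComputer & "," & strScope & "," & _
                    objMember.Class & "," & objMember.AdsPath
            Next
            ' Report an error raised while enumerating members.
            If (Err.Number <> 0) Then
                Wscript.Echo strComputer & ",ERROR,,0x" & Hex(Err.Number)
            End If
        End If
        Err.Clear
        On Error GoTo 0
    End If
Loop
objFile.Close
```

Rows with Class "Group" or Scope "UnresolvedSID" are the ones to review first, since nested groups widen administrative access beyond what this direct-member listing shows.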

