Options

Question for all you Windowsa scripting guru's

qwertyiopqwertyiop Member Posts: 725 ■■■□□□□□□□
in Off-Topic
We have the need to findout which users ion my domain have local admin rights to their machines. Is there a program that I can run on the domain to see this?

FYI im on a 2003 domain.
· Share on FacebookShare on Twitter

Comments

  • Options
    Silver BulletSilver Bullet Member Posts: 676 ■■■□□□□□□□
    I believe that it would be quite complicated to test for Local Administrator group membership because of group nesting.

    I believe the simplest approach would be to create a simple login script that attempts to create a text file in a directory that only someone with local administrator permissions would be able to create files in. Then run an if exist to see if the write was successful. If so, echo the username and computer name to some file out on a network share using >> to give you a single file listing.
    · Share on FacebookShare on Twitter
  • Options
    luckybobluckybob Member Posts: 65 ■■□□□□□□□□
    [script]
    $domain = "domain" #insert domain name
    $strComputer = "computer" #insert computer name (read from file)

    $computer = [ADSI]("WinNT://" + $strComputer + ",computer")
    $computer.name

    $Group = $computer.psbase.children.find("administrators")
    $Group.name
    [/script]

    this should do what you need, you can just modify it to read a list of computer in your domain. This will list the users in the local administrator groups on the individual machines.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.