Question for all you Windowsa scripting guru's
We have the need to findout which users ion my domain have local admin rights to their machines. Is there a program that I can run on the domain to see this?
FYI im on a 2003 domain.
FYI im on a 2003 domain.
Comments
-
Silver Bullet Member Posts: 676 ■■■□□□□□□□I believe that it would be quite complicated to test for Local Administrator group membership because of group nesting.
I believe the simplest approach would be to create a simple login script that attempts to create a text file in a directory that only someone with local administrator permissions would be able to create files in. Then run an if exist to see if the write was successful. If so, echo the username and computer name to some file out on a network share using >> to give you a single file listing. -
luckybob Member Posts: 65 ■■□□□□□□□□[script]
$domain = "domain" #insert domain name
$strComputer = "computer" #insert computer name (read from file)
$computer = [ADSI]("WinNT://" + $strComputer + ",computer")
$computer.name
$Group = $computer.psbase.children.find("administrators")
$Group.name
[/script]
this should do what you need, you can just modify it to read a list of computer in your domain. This will list the users in the local administrator groups on the individual machines.