
Local admin group members



I'm new to AutoIt\scripting and need to get a list of all users who are members of the Local Admin group.

1. We have found that the onsite techs have manually added users to the local admin group.

2. We can't really pull all those users out yet

3. Our domain has multiple OUs, so I just need them from my OU.

4. The OU has about 7k machines in it

Has anybody done this\have a script created?

Thanks


> Has anybody done this\have a script created?
>
> Thanks

I have made such a script. Very useful. Here's a simple function to do so. Requires admin rights (locally and remotely of course).

_GetLocalAdmins()

Func _GetLocalAdmins($host = @ComputerName)
    Dim $filter[1] = ["group"]
    $colGroups = ObjGet("WinNT://" & $host & "")
    If Not IsObj($colGroups) Then Return 0
    $colGroups.Filter = $filter
    For $objGroup In $colGroups
        If $objGroup.name = "Administrators" Then
            ConsoleWrite($host & @CRLF)
            For $objUser In $objGroup.Members
                ConsoleWrite("--" & $objUser.name & @CRLF)
            Next
            ConsoleWrite(@CRLF & @CRLF)
        EndIf
    Next
EndFunc

Doesn't enumerate all Local Admins. Just checks against running user privs....doesn't it?

yep, only read half of the OP's post I guess :)


  • 3 weeks later...

Hello. It is great code.

I need the same code.

I have tested it in Windows 7. It worked well.

I need some information. I couldn't find it in the forum or the help.

I want to export this list to Excel. In my programs I am using a log file, xxx;xxx;xxx;xxx like that.

How can I export that kind of result? When I use a For i loop, can I write the results as result1;result2;result3 in a file.....

Thanks.


A long time ago I wrote a VBS to enumerate the members of any local group recursively (maybe it is also useful for you):

'Coded by U. Zorlu v0.98 build 2008.05.23
   'ListGroupMembership for servers recursively
   'Syntax: LGM2.vbs <Servername> <local group>
   
   'Check whether script is starting in cmd
   If instr( LCase(WScript.Fullname),"cscript.exe" ) = 0 Then
       WScript.Echo "This script must be run using cscript.exe from a command window."
       WScript.Quit()
   End If
   
   
   
   Set objArgs=WScript.Arguments
   
   If WScript.Arguments.count <1 or WScript.Arguments.count>3 Then
        WScript.Echo "Wrong parameter !"
        WScript.Echo "Syntax: cscript //nologo LGM2.vbs <Servername> <local group> <optional recursion: 0/1>" & vbCRLF
        WScript.Echo "<local group> = 'Administrators' as default, if no group is given!" & vbCRLF
        WScript.Echo "<optional recursion>: default=1 (on)"
        Wscript.Quit(1)
   End If
   
   If WScript.Arguments.count=1 Then
       strComputer=objArgs(0)
       strLGroup="Administrators" 'set Administrator as default group
       strRecursion=1
   Else
       strComputer=objArgs(0)
       strLGroup=objArgs(1)
       strRecursion=1
   End If
   
   'turn off error handling
   On Error Resume Next
   
   If objArgs(2)=0 Then
       strRecursion=0
   End If
   If Err.Number <> 0 Then
       strRecursion=1
       Err.Clear
   End If
   'turn on error handling
   On Error GoTo 0
   
   'check whether host is online
   HostOnline (strComputer)
   
   Dim array, strArrUserLDAP, strDomainName
   
   'recursion depth
   strDepth=0
   
   'get LDAP domain name
   strLDAPDN=sDomain
   
   Call LGroup
   
   Sub LGroup
     ON ERROR RESUME NEXT
     Set objGroup=GetObject("WinNT://" & strComputer & "/" & strLGroup & ",group")
     
     'if local group name doesn't exist or another error then printout error message
     If Err.Number <> 0 Then
       WScript.Echo vbCrLF & "ERROR:"
       WScript.Echo "The group name could not be found. Please check group name and restart" 
       WScript.Echo "script again. Or you don't have enough permissions on destination system."
       WScript.Quit
     End If
     Err.Clear
     ON ERROR GOTO 0
     'print out local group which should be listed
     WScript.Echo strDepth & ";" & strComputer & ";" & strLGroup
     For Each objUser in objGroup.Members
       'WScript.Echo "ADsPath:" & objUser.ADsPath
       'WScript.Echo "Name:" & objUser.Name
       'WScript.Echo "Parent:" & objUser.Parent
       'WScript.Echo "Class:" & objUser.Class
       'WScript.Echo vbCrLf
       
       If LCase(objUser.Class)="group" Then
         'WScript.Echo objUser.Name
         strDGLDAP=ADGName(objUser.Name)
         'WScript.Echo strDGLDAP
         strDomainName=Split(objUser.Parent,"//")
         strDepth=strDepth+1
         WScript.Echo  iTab(strDepth) & strDepth & ";" &  strComputer & ";" & strDomainName(1) & "\" & objUser.Name & ";group"
         'get group members recursively
         If strRecursion=1 Then
           Call ADGMembers (strDGLDAP)
         End If
       Else
         If LCase(objUser.Class)="user" Then
           'check whether object is a local user account
           If InStr(1,objUser.ADsPath, strComputer,1)<>0 Then
             strDepth=strDepth+1
             WScript.Echo  iTab(strDepth) & strDepth & ";" &  strComputer & ";" & strComputer & "\" & objUser.Name & ";" & objUser.FullName & ";local user account"
           Else
             'check whether user is only a sid number
             If InStr (1,objUser.ADsPath, "WinNT://S-1-",1)<>0 Then
               strObjInfo=objUser.Name
               strDepth=strDepth+1
               WScript.Echo  iTab(strDepth) & strDepth & ";" &  strComputer & ";" & objUser.Name & ";" & "SID"
             Else
               'get user information if available 
               'get LDAP path of user
               strULDAP=ADUName(objUser.Name)
               If strULDAP<>"" Then
                 'user information available
                 strDomainName=Split(objUser.Parent,"//")
                 strObjInfo=UserInfoAD (Left (strULDAP,(InStr(1,strULDAP,strLDAPDN,1))-2),strUserName)
                 strDepth=strDepth+1
                 WScript.Echo iTab(strDepth) & strDepth & ";" &  strComputer & ";" & strDomainName(1) & "\" & strObjInfo
               Else
                 If strULDAP="" Then
                   'no user information available
                   strDomainName=Split(objUser.Parent,"//")
                   strObjInfo=objUser.Name
                   strDepth=strDepth+1
                   WScript.Echo iTab(strDepth) & strDepth & ";" &  strComputer & ";" & strDomainName(1) & "\" & strObjInfo & ";;;user"
                 End If
               End If
             End If
           End If
         End If
       End If
       strDepth=strDepth-1
     Next
   End Sub
   
   
   'read membership of AD group recursively
   Sub ADGMembers (strG)
    On Error Resume Next
    Set objGroup=GetObject ("LDAP://" & strG & " ")
    objGroup.GetInfo
    'check whether group membership can be read
    If Err.Number<>0 Then
      strDepth=strDepth+1
      WScript.Echo iTab(strDepth) & strDepth & ";Error reading group membership!"
      strDepth=strDepth-2
    End If
    Err.Clear
    
   'start listing of group membership    
    For Each strMember in objGroup.Members
   
       'check whether AD object is a user
       If strMember.Class="user" Then
         'increase strDepth
         strDepth=strDepth+1
         'get LDAP path of user
         strArrUserLDAP=Split (strMember.ADsPath,"//")
         'get AD user id
         strUserName=Split (strMember.Name,"=")
         'get AD user info and print out info
         strObjInfo=UserInfoAD (Left ((strArrUserLDAP (1)),(InStr(1,strArrUserLDAP (1),strLDAPDN,1))-2),strUserName(1))
         'print out info
         strPos1=InStr (1, strMember.ADsPath, "DC=",1)
         strPos2=InStr (strPos1+1, strMember.ADsPath, ",",1)
         strShortDN=LCase(Mid (strMember.ADsPath, strPos1+3, (strPos2)-(strPos1+3))) & "\"
         If strObjInfo<>"" Then
           WScript.Echo iTab(strDepth) &  strDepth & ";" & strShortDN & strObjInfo
         Else
           'Print out user accounts from other domain and remove "\" from output string
           WScript.Echo iTab(strDepth) &  strDepth & ";" & strShortDN & Replace(strUserName (1), "\,", ",")
         End If
       End If
       
       'check whether AD object is a user or a group
       If strMember.Class="group" Then
         'increase strDepth
         strDepth=strDepth+1
         'get short domain name; search for 1 DC to get short domain name
         strPos1=InStr (1, strMember.ADsPath, "DC=",1)
         strPos2=InStr (strPos1+1, strMember.ADsPath, ",",1)
         strShortDN=UCase(Mid (strMember.ADsPath, strPos1+3, (strPos2)-(strPos1+3))) & "\"
         'get AD group name
         strGroupName=Split (strMember.Name,"=")
         'Print out info
         WScript.Echo iTab(strDepth) & strDepth & ";" & strShortDN & strGroupName (1) & ";" & strMember.Class
         'get LDAP path for recursion
         strTemp=Split (strMember.ADsPath,"//")
         Call ADGMembers (strTemp(1))
       End If
       
       'in any case that the recursion reachs level 0 again terminate script
       If strDepth<=0 Then
         WScript.Echo "Recursion error! Terminating."
         WScript.Quit (1)
       End If
       'decrease resursions depth when class is only 'user' or 'group' otherwise recursions depth will be negative
       If LCase(strMember.Class)="user" or LCase(strMember.Class)="group" Then
         strDepth=strDepth-1
       End If
    Next
   End Sub
   
   
   'get username and mail information if exists
   Function UserInfoAD (strADName, strUID)
   ON ERROR RESUME NEXT
     Set objRootDSE=GetObject("LDAP://rootDSE")
     If strADName="" Then
       Set objItem=GetObject("LDAP://" & objRootDSE.Get("defaultNamingContext"))
     Else
       Set objItem=GetObject("LDAP://" & strADName & "," & objRootDSE.Get("defaultNamingContext"))
     End If
     'WScript.Echo vbCrLf & vbCrLf & "GivenName:" & objItem.Get("givenname")
     'WScript.Echo "Name:" & objItem.Get("name")
     'WScript.Echo "UserID:" & objItem.Get("userprincipalname")
     'WScript.Echo "LoginName:" & objItem.Get("samaccountname")
     'WScript.Echo "given UID:" & strUID
     'WScript.Echo "Initials:" & objItem.Get("initials")
     'WScript.Echo "LastName:" & objItem.Get("sn")
     'WScript.Echo "DisplayName:" & objItem.Get("displayName")
     'WScript.Echo "Description:" & objItem.Get("description") & vbCrLf & vbCrLf
     'WScript.Echo "Never Expires: " & objItem.Get("useraccountcontrol")
     'save user login id
     strUserID=objItem.Get("samaccountname")
     'save full name
     strDisplayName=objItem.Get("displayname")
     'save email address if available
     strmail=objItem.Get("mail")
     'set print out string
     UserInfoAD=strUserID & ";" & strDisplayName & ";" & strmail & ";user"
   End Function
   
   
   'Get LDAP path for group
   Function ADGName (strGrp)
   'WScript.Echo strGrp
   ON ERROR RESUME NEXT
     Const ADS_SCOPE_SUBTREE=2
     Set objConnection=CreateObject("ADODB.Connection")
     Set objCommand=  CreateObject("ADODB.Command")
     objConnection.Provider="ADsDSOObject"
     objConnection.Open "Active Directory Provider"
     Set objCommand.ActiveConnection=objConnection
     objCommand.Properties("Page Size")=50000
     objCommand.Properties("Searchscope")=ADS_SCOPE_SUBTREE 
     'parenthesize the OR so that objectCategory='group' applies to both name tests
     objCommand.CommandText=_
       "SELECT distinguishedName FROM 'LDAP://" & strLDAPDN & "'" & " " & _
           "WHERE objectCategory='group' " & _
               "AND (Name='" & strGrp & "' OR sAMAccountName='" & strGrp & "')"
     Set objRecordSet=objCommand.Execute
     objRecordSet.MoveFirst
     Do Until objRecordSet.EOF
       strDN=objRecordSet.Fields("distinguishedName").Value
       ADGName=strDN
       objRecordSet.MoveNext
     Loop
   End Function
   
   
   'Get LDAP path for user
   Function ADUName (strUsr)
     ON ERROR RESUME NEXT
     Const ADS_SCOPE_SUBTREE=2
     Set objConnection=CreateObject("ADODB.Connection")
     Set objCommand=CreateObject("ADODB.Command")
     objConnection.Provider="ADsDSOObject"
     objConnection.Open "Active Directory Provider"
     Set objCommand.ActiveConnection=objConnection
     objCommand.Properties("Page Size")=50000
     objCommand.Properties("Searchscope")=ADS_SCOPE_SUBTREE 
     objCommand.CommandText=_
       "SELECT distinguishedName FROM 'LDAP://" & strLDAPDN & "'" & " " & _
           "WHERE objectCategory='user' " & _
               "AND SAMAccountName='" & strUsr & "'"
     Set objRecordSet=objCommand.Execute
     objRecordSet.MoveFirst
     Do Until objRecordSet.EOF
       strDN=objRecordSet.Fields("distinguishedName").Value
       ADUName=strDN
       objRecordSet.MoveNext
     Loop
   End Function
   
   
   'get actual domain name space
   Function sDomain
       ON ERROR RESUME NEXT
       Set oConnAD=CreateObject("ADODB.Connection")
       Set oCommAD=CreateObject("ADODB.Command")
       oConnAD.Open "Provider=ADSDSOObject"
       Set oCommAD.ActiveConnection=oConnAD
       oCommAD.Properties("Page Size")=500000
       Set oRoot=GetObject("LDAP://RootDSE")
       sDomain=oRoot.Get("DefaultNamingContext") 
   End Function
   
   
   'insert tabs
   Function iTab (i)
     strTab=""
     For x=1 to i
       strTab=strTab & vbTab
     Next
     iTab=strTab
   End Function
   
   
   Function HostOnline (strHost)
     'Check whether server is online
     strOnline=1
     Set objPing = GetObject("winmgmts:{impersonationLevel=impersonate}")._
           ExecQuery("select StatusCode from Win32_PingStatus where address = '"_
               & strHost & "'")
     For Each objStatus in objPing
       If IsNull(objStatus.StatusCode) or objStatus.StatusCode<>0 Then 
         WScript.Echo vbCrLf & "Server " & strComputer & " is not reachable"
         strOnline=0
       End If
     Next
     'If offline then exit
     If strOnline=0 Then
       WScript.Quit(1)
     End If
   End Function

You can try to convert it to AU3 (currently I'm too lazy to do it). :) Further, you can check SIC2, which creates output files like the ones you mentioned!

Slm,

UEZ

PS: I also have a VBS for enumerating the members of an AD group recursively (similar to the VBS above). So if somebody is interested in that script, write me a PM!


> I'm new to AutoIt\scripting and need to get a list of all users who are members of the Local Admin group.
>
> 1. We have found that the onsite techs have manually added users to the local admin group.
>
> 2. We can't really pull all those users out yet
>
> 3. Our domain has multiple OUs, so I just need them from my OU.
>
> 4. The OU has about 7k machines in it
>
> Has anybody done this\have a script created?
>
> Thanks

I could write the list to a file. On almost all computers it worked well, but on some computers the result is wrong. The result is below.

anyone has got any idea?

Administrator;18CLIENTADM;Administrator;Administrator;18CLIENTADM;18CLIENTADM;Domain Admins;Domain Admins;ARG055DTWS


Hi.

> A long time ago I wrote a VBS to enumerate the members of any local group recursively (maybe it is also useful for you):
>
> 'Coded by U. Zorlu v0.98 build 2008.05.23
>    'ListGroupMembership for servers recursively
>    'Syntax: LGM2.vbs <Servername> <local group>
>
> <snip>
>
>    If WScript.Arguments.count=1 Then
>        strComputer=objArgs(0)
>        strLGroup="Administrators" 'set Administrator as default group
>        strRecursion=1
>    Else

This will address the group "Administrators" for English Windows installations. IIRC the built-in objects always have exactly the same (relative) UID within a given Windows installation:

1.) Administrator

2.) local group of "Administrators"

3.) user "Guest"

4.) local group "Guests"

The name for all but 1.) can vary depending on the localisation of the Windows installation: in German, e.g., it's "Administrator", "Administratoren", "Gast", "Gäste".

So a question I couldn't answer so far is: HOWTO address the built-in groups and users WITHOUT using their literal names? For example by using some alias, the relative UID, or any other way that will be the same, no matter what's the local language of this Windows installation?

Regards, Rudi.


> Hi.
>
> This will address the group "Administrators" for English Windows installations. IIRC the built-in objects always have exactly the same (relative) UID within a given Windows installation:
>
> 1.) Administrator
>
> 2.) local group of "Administrators"
>
> 3.) user "Guest"
>
> 4.) local group "Guests"
>
> The name for all but 1.) can vary depending on the localisation of the Windows installation: in German, e.g., it's "Administrator", "Administratoren", "Gast", "Gäste".
>
> So a question I couldn't answer so far is: HOWTO address the built-in groups and users WITHOUT using their literal names? For example by using some alias, the relative UID, or any other way that will be the same, no matter what's the local language of this Windows installation?
>
> Regards, Rudi.

We are working only with US versions and thus I coded it for the US version only. Feel free to modify the code. As far as I can remember there are different SIDs representing the built-in groups -> http://support.microsoft.com/kb/243330. You need to modify the code appropriately.

It should also work for non-US versions if you enter the group name explicitly, e.g. for the German version: cscript LGM2.vbs //nologo localhost administratoren

If you leave the group name empty then it will not work with the default group "Administrators" for non US versions!

UEZ
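
An added example, not part of the original posts: one way to address the Administrators group independently of the Windows display language, by looking up its well-known SID S-1-5-32-544 (from the KB243330 list linked above) through WMI and then enumerating the members with the same WinNT provider used earlier in the thread. It also writes the semicolon-separated file asked about above; the function names and the file names hosts.txt and local_admins.csv are assumptions.

```autoit
; Added example, not code from this thread.
#include <FileConstants.au3>

; Without a handler, a COM failure (access denied, RPC unavailable) can abort the script.
Global $g_oComErr = ObjEvent("AutoIt.Error", "_OnComError")

Func _OnComError($oError)
    ConsoleWrite("COM error 0x" & Hex($oError.number) & ": " & $oError.description & @CRLF)
EndFunc

; Return the localized name of the local group whose SID is S-1-5-32-544.
Func _AdminGroupName($sHost)
    Local $oWMI = ObjGet("winmgmts:\\" & $sHost & "\root\cimv2")
    If Not IsObj($oWMI) Then Return SetError(1, 0, "")
    Local $colGroups = $oWMI.ExecQuery("SELECT Name FROM Win32_Group " & _
            "WHERE LocalAccount=True AND SID='S-1-5-32-544'")
    If Not IsObj($colGroups) Then Return SetError(2, 0, "")
    For $oGroup In $colGroups
        Return $oGroup.Name
    Next
    Return SetError(3, 0, "")
EndFunc

; Write one "host;group;member;class;adspath" line per member; return the count.
Func _WriteLocalAdmins($sHost, $hFile)
    Local $sGroup = _AdminGroupName($sHost)
    If @error Then Return SetError(1, 0, 0)
    Local $oGroup = ObjGet("WinNT://" & $sHost & "/" & $sGroup & ",group")
    If Not IsObj($oGroup) Then Return SetError(2, 0, 0)
    Local $iCount = 0
    For $oMember In $oGroup.Members
        FileWriteLine($hFile, $sHost & ";" & $sGroup & ";" & $oMember.Name & ";" & _
                $oMember.Class & ";" & $oMember.ADsPath)
        $iCount += 1
    Next
    Return $iCount
EndFunc

; hosts.txt (one computer name per line) and local_admins.csv are assumed names.
Local $aHosts = FileReadToArray(@ScriptDir & "\hosts.txt")
If @error Then Exit 1
Local $hOut = FileOpen(@ScriptDir & "\local_admins.csv", $FO_OVERWRITE)
If $hOut = -1 Then Exit 2
FileWriteLine($hOut, "host;group;member;class;adspath")
For $i = 0 To UBound($aHosts) - 1
    Local $sHost = StringStripWS($aHosts[$i], 3) ; 3 = strip leading and trailing whitespace
    If $sHost = "" Then ContinueLoop
    If Ping($sHost, 1000) = 0 Then
        ; Record unreachable machines so they can be retried later.
        FileWriteLine($hOut, $sHost & ";;;;unreachable")
        ContinueLoop
    EndIf
    _WriteLocalAdmins($sHost, $hOut)
    If @error Then FileWriteLine($hOut, $sHost & ";;;;query failed")
Next
FileClose($hOut)
```

The class and ADsPath columns make it possible to tell local accounts, domain users and nested domain groups apart when reviewing the file.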
