You will need this vbs script and batch file to create this:
fadmins.vbs
CreateObject("Wscript.Shell").Run "C:\ProgramData\Dell\KACE\user\filteredadmins.bat",0,True
FilteredAdmins.batecho offTake above batch code and modify the lower portion to reflect any users you want to filer out. Make sure the last write to text file is named what ever you plan on using in the CIR "shell command text return statement"
if exist c:\programdata\dell\kace\user\out.txt del c:\programdata\dell\kace\user\out.txt /q
for /f "tokens=* skip=6" %%g in ('net localgroup administrators') do echo %%g >> c:\programdata\dell\kace\user\out.txt
for %%g in (c:\programdata\dell\kace\user\out.txt) do (findstr /v /b /c:"The command" %%g > c:\programdata\dell\kace\user\admins.txt)
REM:: this part removes the IT approved users and groups ::
for %%g in (c:\programdata\dell\kace\user\admins.txt) do (findstr /v /b /c:"localuser" %%g > c:\programdata\dell\kace\user\temp1.txt)
for %%g in (c:\programdata\dell\kace\user\temp1.txt) do (findstr /v /b /c:"localuser2" %%g > c:\programdata\dell\kace\user\temp.txt)
for %%g in (c:\programdata\dell\kace\user\temp.txt) do (findstr /v /b /c:"Administrator" %%g > c:\programdata\dell\kace\user\temp1.txt)
for %%g in (c:\programdata\dell\kace\user\temp1.txt) do (findstr /v /b /c:"domain\Desktop Local Admins" %%g > c:\programdata\dell\kace\user\temp.txt)
for %%g in (c:\programdata\dell\kace\user\temp.txt) do (findstr /v /b /c:"domain\Domain Admins" %%g > c:\programdata\dell\kace\user\temp1.txt)
for %%g in (c:\programdata\dell\kace\user\temp1.txt) do (findstr /v /b /c:"domain\ITO PC Admins" %%g > c:\programdata\dell\kace\user\filteredadmins.txt)
del c:\programdata\dell\kace\user\temp*.txt /q
Zip the vbs and batch file up together to attach to the CIR you will create next.
CIR1 attach zip file to this one (see at bottom of screen shot)
ShellCommandTextReturn(cmd /c cscript /b c:\programdata\dell\kace\user\fadmins.vbs&type c:\programdata\dell\kace\user\filteredadmins.txt )
CIR2
ShellCommandTextReturn(cmd /c type c:\programdata\dell\kace\user\admins.txt )
Create file sync or MI to install the files from the 1st CIR
You will need to use a MI if you do not have a common user to file sync with, the MI will install as system.
File sync method: (suggested by fellow ITNinja blaise_gregory)
MI method will require an install bat also:
xcopy filteredadmins.bat "c:\programdata\dell\kace\user" /q /yadd the install bat to the zip if you choose the MI method
xcopy fadmins.vbs "c:\programdata\dell\kace\user" /q /y
MI Method:
create reports (we use the built-in Kace notes field to list who is approved to be local admin)
filter on the CIR field you are using as "is not null"
Wizard created reports looks like this:
Custom inventory under the machine looks like this:
They could also be run as K1000 scripts instead of MI if a fixed folder for the output files is present (e.g C:\Windows\). That would be a way to schedule the local admin evaluation on a regular basis. The CIRs would fetch updated data with every inventory. - chrpetri 9 years ago
ShellCommandTextReturn(cmd.exe /c net localgroup Administrators | FINDSTR /V "Administrator" | FINDSTR /V "Members" | FINDSTR /V "The command completed successfully." | FIND /V "-------------------------------------------------------------------------------") - SDNBTP 9 years ago
Basically what I did was to modify the above FilteredAdmins.bat file as needed, used a script to copy it to the machine and then execute, created a CIR to retrieve the .txt file results from the machine and created a report (like one above) to report the results. Works great! - bnerison 9 years ago