/build/static/layout/Breadcrumb_cap_w.png

I need to list all accounts with local admin right to a machine

Let me tell you what I am trying to accomplish instead of complicating the issue...

I need to be able to see the DOMAIN users with LOCAL ADMINISTRATOR rights to the machines in my environment. By leveraging KACE I can return that info, but the format leaves a lot to be desired...

Using Custom Inventory with "ShellCommandTextReturn(cmd.exe /c net localgroup administrators)"

2) Local Admin Group Users (CIF):Alias name administrators
Comment Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
DOMAIN-\BAPM_NAS_INF
DOMAIN-\BART_OU_Administrators
DOMAIN-\Domain Admins
DOMAIN\SSDFNG
DOMAIN-\SYYEFECC
Guest
sycghs5gdng
SYJfsDGAd5sdaEA
The command completed successfully.


This is the table format I need to get to(leveraging CSV and Excel):

__________________________________
Server  | Local Admin Account Name
ServerA | DOMAIN\USER_____________
ServerA | DOMAIN\USER2____________
ServerB | DOMAIN\USER1 ___________

1 Comment   [ + ] Show comment
  • No idea on this one but congrats on your Black Belt! - petelanglois 11 years ago

Answers (4)

Answer Summary:
Posted by: SMal.tmcc 11 years ago
Red Belt
4

We use kace and I created a custom inventory rule that gets the info from the machines using net.exe

Then I use the following sql report and export to csv.

SELECT (SELECT MACHINE_CUSTOM_INVENTORY.STR_FIELD_VALUE FROM MACHINE_CUSTOM_INVENTORY WHERE MACHINE_CUSTOM_INVENTORY.ID=MACHINE.ID AND MACHINE_CUSTOM_INVENTORY.SOFTWARE_ID=22271) AS MACHINE_CUSTOM_INVENTORY_0_22271, MACHINE.NAME AS SYSTEM_NAME  FROM MACHINE   WHERE ((1  in (select 1 from MACHINE_CUSTOM_INVENTORY where MACHINE.ID = MACHINE_CUSTOM_INVENTORY.ID and MACHINE_CUSTOM_INVENTORY.SOFTWARE_ID = 22271 and MACHINE_CUSTOM_INVENTORY.STR_FIELD_VALUE is not null)) )  ORDER BY MACHINE_CUSTOM_INVENTORY_0_22271, MACHINE_CUSTOM_INVENTORY_0_22271

I open that export in excell to run a macro that does a bunch of search and replaces (with nothing) to filter the garbage text out and the known domain users out.

 


Comments:
  • SMal when i ran the report i have no machine listed. I believe its because i dont know the ID of the custom inventory report. How do i find that? CUSTOM_INVENTORY.SOFTWARE_ID=***** - CEads 11 years ago
    • The easiest method is to login to your KBOX with the /adminui URL instead of just /admin. Then go to Inventory, Software and open the software title for the custom inventory rule. The ID will be at the end of the URL. - chucksteel 11 years ago
      • also in the lower left corener of the browser window when you point mouse at item in software window - SMal.tmcc 11 years ago
    • you can also use the report creator to do this for you - SMal.tmcc 11 years ago
  • I was able to find the Software ID but when i run the report there is nothing in the report. Belwo is the report i copied from above and enter the software ID of thecustom inventory report i created just has above


    SELECT (SELECT MACHINE_CUSTOM_INVENTORY.STR_FIELD_VALUE FROM MACHINE_CUSTOM_INVENTORY WHERE MACHINE_CUSTOM_INVENTORY.ID=MACHINE.ID AND MACHINE_CUSTOM_INVENTORY.SOFTWARE_ID=79202) AS MACHINE_CUSTOM_INVENTORY_0_79202, MACHINE.NAME AS SYSTEM_NAME FROM MACHINE WHERE ((1 in (select 1 from MACHINE_CUSTOM_INVENTORY where MACHINE.ID = MACHINE_CUSTOM_INVENTORY.ID and MACHINE_CUSTOM_INVENTORY.SOFTWARE_ID = 79202 and MACHINE_CUSTOM_INVENTORY.STR_FIELD_VALUE is not null)) ) ORDER BY MACHINE_CUSTOM_INVENTORY_0_79202, MACHINE_CUSTOM_INVENTORY_0_79202 - CEads 11 years ago
    • when you look at your custom software item you created are there any machines listed at the bottom of the page yet? - SMal.tmcc 11 years ago
      • Hi Smal,
        I am also trying to create this report. I am stuck right at this point. I do not see machines at the bottom of the software item, therefore when I run the report it is empty. I used the wizard to create the report, and verified that the ID from the link is the same that is in the SQL report. Is there something else that I am missing?

        Any help would be appreciated. - Kevino2010 11 years ago
      • Apparently the syntax is different on 5.5. This is what I ended up having to use in order for it to work: ShellCommandTextReturn(cmd.exe /c powershell net.exe localgroup administrators)

        thanks - Kevino2010 11 years ago
  • here is the search and replace cleanup macro's I run, I found this much easier then messing with sql.

    macro 1:
    Sub Cleanup()
    '
    ' Cleanup Macro
    ' cleans up extra text from export
    '
    ' Keyboard Shortcut: Ctrl+c
    '
    Cells.Replace What:= _
    "Alias name administrators\nComment Administrators have complete and unrestricted access to the computer/domain\n\nMembers\n\n-------------------------------------------------------------------------------\n\n" _
    , Replacement:="", LookAt:=xlPart, SearchOrder:=xlByRows, MatchCase:= _
    False, SearchFormat:=False, ReplaceFormat:=False
    Range("B8").Select
    ActiveCell.FormulaR1C1 = _
    "Alias name administrators\nComment Administrators have complete and unrestricted access to the computer/domain\n\nMembers\n\n-------------------------------------------------------------------------------\n0\nAdministrator\ndfault\nTMCCADMN\Desktop Local Admins\nTMCCADMN\Domain Admins\nTMCCADMN\ITO PC Admins\nThe command completed successfully.\n\n"
    Cells.Replace What:= _
    "Alias name administrators\nComment Administrators have complete and unrestricted access to the computer/domain\n\nMembers\n\n-------------------------------------------------------------------------------" _
    , Replacement:="", LookAt:=xlPart, SearchOrder:=xlByRows, MatchCase:= _
    False, SearchFormat:=False, ReplaceFormat:=False
    Cells.Replace What:="\nThe command completed successfully.", Replacement:= _
    "", LookAt:=xlPart, SearchOrder:=xlByRows, MatchCase:=False, _
    SearchFormat:=False, ReplaceFormat:=False
    Cells.Replace What:="\n\n", Replacement:="", LookAt:=xlPart, SearchOrder _
    :=xlByRows, MatchCase:=False, SearchFormat:=False, ReplaceFormat:=False
    Cells.Replace What:="\n", Replacement:=" username ", LookAt:=xlPart, _
    SearchOrder:=xlByRows, MatchCase:=False, SearchFormat:=False, _
    ReplaceFormat:=False
    End Sub

    macro 2:
    Sub names()
    '
    ' names Macro
    ' get rid of known names and groups
    '
    ' Keyboard Shortcut: Ctrl+n
    '
    Cells.Replace What:="username backup", Replacement:="", LookAt:=xlPart, _
    SearchOrder:=xlByRows, MatchCase:=False, SearchFormat:=False, _
    ReplaceFormat:=False
    Cells.Replace What:="username Administrator", Replacement:="", LookAt:= _
    xlPart, SearchOrder:=xlByRows, MatchCase:=False, SearchFormat:=False, _
    ReplaceFormat:=False
    Cells.Replace What:="username dfault", Replacement:="", LookAt:=xlPart, _
    SearchOrder:=xlByRows, MatchCase:=False, SearchFormat:=False, _
    ReplaceFormat:=False
    Cells.Replace What:="username TMCCADMN\Desktop Local Admins", Replacement:= _
    "", LookAt:=xlPart, SearchOrder:=xlByRows, MatchCase:=False, _
    SearchFormat:=False, ReplaceFormat:=False
    Cells.Replace What:="username TMCCADMN\Domain Admins", Replacement:="", _
    LookAt:=xlPart, SearchOrder:=xlByRows, MatchCase:=False, SearchFormat:= _
    False, ReplaceFormat:=False
    Cells.Replace What:="username TMCCADMN\ITO PC Admins", Replacement:="", _
    LookAt:=xlPart, SearchOrder:=xlByRows, MatchCase:=False, SearchFormat:= _
    False, ReplaceFormat:=False
    End Sub - SMal.tmcc 11 years ago
Posted by: SMal.tmcc 11 years ago
Red Belt
3

Posted by: chucksteel 11 years ago
Red Belt
2

The closest I can get is the following query:

 SELECT MACHINE.NAME, REPLACE(SUBSTRING_INDEX(SUBSTRING_INDEX(STR_FIELD_VALUE, "-------------------------------------------------------------------------------<br/>", -1), "<br/>The command completed successfully.", 1), "<br/>", ",") AS ADMINS FROM ORG1.MACHINE_CUSTOM_INVENTORY JOIN MACHINE on MACHINE.ID = MACHINE_CUSTOM_INVENTORY.ID WHERE SOFTWARE_ID = 22066 AND LOCATE("-------------------------------------------------------------------------------", STR_FIELD_VALUE) > 0

 

Note that you will need to change the SOFWARE_ID = 22066 to match the SOFTWARE_ID of your custom inventory rule that pulls in the administrators. This generates are report showing:

MACHINE1 | Admin1,Admin2,Admin3
MACHINE2 | Admin1,Admin4

MySQL doesn't include a method to break a string character into multiple rows so you would need some sort of programming to accomplish that part. It might be possible to do that part in Excel, but I'm not positive.

Posted by: flip1001 10 years ago
Black Belt
0
To get all users who are local administrators:
ShellCommandTextReturn(cmd /q /c for /f "tokens=* skip=6" %a in ('net localgroup administrators ^| find /V "The command completed successfully."') do echo %a)

To get only the domain users who are local administrators:
ShellCommandTextReturn(cmd /q /c for /f "tokens=* skip=6" %a in ('net localgroup administrators ^| find /V "The command completed successfully."') do echo %a | find /I "DOMAIN")

To get non-domain users who are local administrators:
ShellCommandTextReturn(cmd /q /c for /f "tokens=* skip=6" %a in ('net localgroup administrators ^| find /V "The command completed successfully."') do echo %a | find /I /V "DOMAIN")


Comments:
  • The code formatting messed up, the 3 code blocks are:

    1. To get all users who are local administrators

    2. To get only the domain users who are local administrators

    3. To get non-domain users who are local administrators - flip1001 10 years ago
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ