Local Admin audit on workstations
I have been given the task to find a way to check who has local admin rights on our workstations. I have done some research and there are bits of code which can accomplish this. I must admit scripting is not one of my strengths. Here are a few approaches I am pondering:
- VB script, set as a computer startup script in AD. Whenever the computer starts up, it will run the script and dump out the results on the local drive and on a network share (just like the MS04-028 scanning tool w/o SMS does).
- KIX script/Logon script, dump the results to the network share
- VB script to do online scanning of a list of PC names or the domain
Answers (16)
Posted by:
pjohnson
20 years ago
Here is what we came up with this afternoon, that I would like to share. This script can scan all computers which are currently online in a specified OU.
You will see the progress in the DOS box while the script is running. The log file is created in the same directory as where the script is run.
Once you have the log file, you can open it in Excel and manipulate the data. (Tip: use AutoFilter in Excel)
Dim strComputer
Dim colPingedComputers
' Change this to the OU you would like to check
strComputerContainer = "ou=computers,dc=domain,dc=com"
Set objContainer = GetObject("LDAP://" & strComputerContainer)
objContainer.Filter = Array("Computer")
' The log file will be created in the same location as the script
strLogFile = "LocalAdmins.LOG"
' Enumerate the local group 'Administrators'. This can be changed, e.g. Power Users, Network Configuration Operators
strLocalAdminGroup = "Administrators"
' Second argument of CreateTextFile is "overwrite": False makes the call fail if the log already exists
Const NO_OVERWRITE = False
Set objFSO = CreateObject("Scripting.FileSystemObject")
On Error Resume Next
Set objLogFile = objFSO.CreateTextFile(strLogFile, NO_OVERWRITE)
If Err.Number <> 0 Then
    ' Before running the script, make sure the log file does NOT exist, otherwise the script will stop
    WScript.Echo "Cannot create " & strLogFile & " -OR- " & strLogFile & " already exists."
    WScript.Quit
End If
On Error GoTo 0
objLogFile.WriteLine("**************** Started at " & Now() & "****************")
objLogFile.WriteLine()
objLogFile.WriteLine("Machine Name,Local Administrators")
' Keep going when a machine refuses the WinNT connection (access denied, firewall, ...)
On Error Resume Next
For Each objComputer In objContainer
    ' objComputer.Name is "CN=<machine>"; keep the part after the "="
    strComputer = Split(objComputer.Name, "=")(1)
    Call GetLocalAdmins(strComputer)
Next
objLogFile.WriteLine()
objLogFile.WriteLine("**************** Finished at " & Now() & "****************")
objLogFile.Close
'-=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=-
' SUB GetLocalAdmins
' purpose: Retrieve list of local administrators from online machines
' input: HostName (a machine name)
' output: results are echoed on screen and saved in strLogFile
' notes: uses Win32_PingStatus class ("strPinger" must be XP or 2003)
'-=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=-
Sub GetLocalAdmins(HostName)
    Dim strPinger, objPing, objLocalAdminGroup, objLocalAdmin
    ' Ping from the machine running the script (".") so only online hosts are queried
    strPinger = "."
    Set colPingedComputers = GetObject("winmgmts:{impersonationLevel=impersonate}//" & strPinger & "/root/cimv2").ExecQuery("SELECT * FROM Win32_PingStatus WHERE Address = '" & HostName & "'")
    For Each objPing In colPingedComputers
        If objPing.StatusCode = 0 Then
            WScript.Echo "Processing " & HostName
            ' The WinNT provider binds to the local group on the remote machine
            Set objLocalAdminGroup = GetObject("WinNT://" & HostName & "/" & strLocalAdminGroup)
            For Each objLocalAdmin In objLocalAdminGroup.Members
                objLogFile.WriteLine(HostName & "," & objLocalAdmin.Name)
            Next
            Set objLocalAdminGroup = Nothing
        Else
            WScript.Echo HostName & " Offline"
            objLogFile.WriteLine(HostName & " Offline")
        End If
    Next
End Sub
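The log that script writes is meant to be filtered by hand in Excel. The following Python script (an added example, not pjohnson's code) parses the same LocalAdmins.LOG layout, separates offline machines from results, and reports members of the local Administrators group that are not on an allow-list. The sample log and the allow-list are constructed.

```python
"""Parse the LocalAdmins.LOG layout written by the VBScript audit above and
flag local Administrators members outside an allow-list (added example)."""
from collections import defaultdict

# Constructed sample in the exact layout the script writes:
# banner line, blank, column header, "machine,member" rows, "machine Offline".
SAMPLE_LOG = """**************** Started at 1/2/2006 2:15:07 PM****************

Machine Name,Local Administrators
WKS001,Administrator
WKS001,Domain Admins
WKS001,jsmith
WKS002 Offline
WKS003,Administrator
WKS003,Domain Admins
WKS003,Helpdesk
WKS003,localtech

**************** Finished at 1/2/2006 2:16:40 PM****************
"""

# Accounts expected in every workstation's Administrators group (constructed).
EXPECTED = {"Administrator", "Domain Admins"}


def parse_log(text):
    """Return ({machine: set(members)}, [offline machines])."""
    admins = defaultdict(set)
    offline = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("*") or line.startswith("Machine Name,"):
            continue  # blank, banner, or column header
        if line.endswith(" Offline") and "," not in line:
            offline.append(line[: -len(" Offline")])  # "WKS002 Offline"
            continue
        machine, member = line.split(",", 1)
        admins[machine].add(member)
    return dict(admins), offline


def unexpected_admins(text, expected=EXPECTED):
    """Map each machine to its admin members that are not on the allow-list."""
    admins, _ = parse_log(text)
    return {m: sorted(s - expected) for m, s in admins.items() if s - expected}


if __name__ == "__main__":
    for machine, extra in unexpected_admins(SAMPLE_LOG).items():
        print(f"{machine}: unexpected local admins: {', '.join(extra)}")
    print("offline, re-scan later:", ", ".join(parse_log(SAMPLE_LOG)[1]))
```

Offline machines are listed separately because a silent gap in the log is the easiest way for an unreviewed workstation to slip through an audit.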
Posted by:
Sweede
19 years ago
Posted by:
Akkadian
19 years ago
Posted by:
pjohnson
19 years ago
Posted by:
Akkadian
19 years ago
Posted by:
pjohnson
19 years ago
Posted by:
ehammett
19 years ago
Hopefully this thread isn't abandoned.....
However when I try to modify the script I get an error 'There is no such object on server'
My hierarchy is as such:
OU=MyBusiness
  |
  ----OU=Computers
        |
        -------OU=SBSComputers
Here is what I have in my script: (may wrap)
' Change this to the OU you would like to check
strComputerContainer = "ou=MyBusiness,ou=computers,ou=SBScomputers,dc=houston,dc=local"
What am I doing wrong here?
Posted by:
pjohnson
19 years ago
Looks like you got the OU's the wrong way around.
Try this:
' Change this to the OU you would like to check
strComputerContainer = "ou=SBScomputers,ou=computers,ou=MyBusiness,dc=houston,dc=local"
Posted by:
ehammett
19 years ago
Thanks PJ, you were right, I had it backwards! Worked just fine.
Another question however. I was trying it at another client of mine who has a domain of something like apples.com, however their display name is 'oranges'.
They have all their computer accounts in the default 'Computers' OU, however when I change the script to
strComputerContainer = "ou=computers,dc=apples,dc=com"
It errors out saying 'There is no such object on server'
However when I changed it to "ou=computers,dc=oranges,dc=com"
I get the error 'A referral was received from the server'
Can't figure out what I am doing wrong on this one?
Thanks again!
Posted by:
markholmes24
19 years ago
When I try to run it I get the following message
(5,1) (null): A referral was returned from the server
Any ideas?
Computers are in the default Computers OU, domain is napierbrown.co.uk.
Any help much appreciated!
============================
Dim strComputer
Dim colPingedComputers
' Change this to the OU you would like to check
strComputerContainer = "ou=Computers,dc=napierbrown,dc=co.uk"
Set objContainer = GetObject("LDAP://" & strComputerContainer)
objContainer.Filter = Array("Computer")
' The log file will be created in the same location as the script
strLogFile = "LocalAdmins.LOG"
' Enumerate the local group 'Administrators'. This can be changed, e.g. Power Users, Network Configuration Operators
strLocalAdminGroup = "Administrators"
' Second argument of CreateTextFile is "overwrite": False makes the call fail if the log already exists
Const NO_OVERWRITE = False
Set objFSO = CreateObject("Scripting.FileSystemObject")
On Error Resume Next
Set objLogFile = objFSO.CreateTextFile(strLogFile, NO_OVERWRITE)
If Err.Number <> 0 Then
    ' Before running the script, make sure the log file does NOT exist, otherwise the script will stop
    WScript.Echo "Cannot create " & strLogFile & " -OR- " & strLogFile & " already exists."
    WScript.Quit
End If
On Error GoTo 0
objLogFile.WriteLine("**************** Started at " & Now() & "****************")
objLogFile.WriteLine()
objLogFile.WriteLine("Machine Name,Local Administrators")
' Keep going when a machine refuses the WinNT connection (access denied, firewall, ...)
On Error Resume Next
For Each objComputer In objContainer
    ' objComputer.Name is "CN=<machine>"; keep the part after the "="
    strComputer = Split(objComputer.Name, "=")(1)
    Call GetLocalAdmins(strComputer)
Next
objLogFile.WriteLine()
objLogFile.WriteLine("**************** Finished at " & Now() & "****************")
objLogFile.Close
'-=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=-
' SUB GetLocalAdmins
' purpose: Retrieve list of local administrators from online machines
' input: HostName (a machine name)
' output: results are echoed on screen and saved in strLogFile
' notes: uses Win32_PingStatus class ("strPinger" must be XP or 2003)
'-=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=-
Sub GetLocalAdmins(HostName)
    Dim strPinger, objPing, objLocalAdminGroup, objLocalAdmin
    ' Ping from the machine running the script (".") so only online hosts are queried
    strPinger = "."
    Set colPingedComputers = GetObject("winmgmts:{impersonationLevel=impersonate}//" & strPinger & "/root/cimv2").ExecQuery("SELECT * FROM Win32_PingStatus WHERE Address = '" & HostName & "'")
    For Each objPing In colPingedComputers
        If objPing.StatusCode = 0 Then
            WScript.Echo "Processing " & HostName
            ' The WinNT provider binds to the local group on the remote machine
            Set objLocalAdminGroup = GetObject("WinNT://" & HostName & "/" & strLocalAdminGroup)
            For Each objLocalAdmin In objLocalAdminGroup.Members
                objLogFile.WriteLine(HostName & "," & objLocalAdmin.Name)
            Next
            Set objLocalAdminGroup = Nothing
        Else
            WScript.Echo HostName & " Offline"
            objLogFile.WriteLine(HostName & " Offline")
        End If
    Next
End Sub
Posted by:
brenthunter2005
19 years ago
Posted by:
markholmes24
19 years ago
Posted by:
ehammett
19 years ago
The default container "Computers" in Active Directory Users & Computers is not an OU, so your syntax is wrong. I had the same problem, see post above.
So change strComputerContainer = "ou=Computers,dc=napierbrown,dc=co,dc=uk"
to strComputerContainer = "cn=Computers,dc=napierbrown,dc=co,dc=uk"
That should work, at least it worked for me. Let me know if this helps.
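All three errors in this sub-thread came from hand-typing strComputerContainer: OUs listed top-down instead of most-specific first, a multi-label DNS suffix squeezed into one dc=, and the built-in Computers container written as an OU. The following Python helper (an added example, not from the thread) builds the DN from the DNS domain name and the container path as shown in AD Users & Computers, and lints a typed DN for those mistakes; the domain and OU names are the ones discussed above.

```python
"""Build and sanity-check the LDAP DN used as strComputerContainer
(added example; domain names are the ones from this thread)."""


def domain_dn(dns_name):
    """'napierbrown.co.uk' -> 'dc=napierbrown,dc=co,dc=uk': one dc= per label.
    The DNS name is what goes here, not the NetBIOS/display name ('oranges')."""
    labels = [label for label in dns_name.strip(".").split(".") if label]
    if not labels:
        raise ValueError("empty DNS domain name")
    return ",".join(f"dc={label}" for label in labels)


def container_dn(dns_name, path, default_container=False):
    """path lists OUs top-down as the ADUC tree shows them, e.g.
    ['MyBusiness', 'Computers', 'SBSComputers']. A DN is written most-specific
    first, so the list is reversed. The built-in Computers container is a
    container object (cn=), not an OU (ou=), and sits directly under the domain."""
    if default_container:
        if len(path) != 1:
            raise ValueError("a default container sits directly under the domain")
        rdns = [f"cn={path[0]}"]
    else:
        rdns = [f"ou={ou}" for ou in reversed(path)]
    return ",".join(rdns + [domain_dn(dns_name)])


def lint_container_dn(dn):
    """Return warnings for the two DN mistakes seen in this thread."""
    rdns = [rdn.strip() for rdn in dn.split(",")]
    warnings = []
    for rdn in rdns:
        key, _, value = rdn.partition("=")
        if key.lower() == "dc" and "." in value:
            warnings.append(f"'{rdn}': split each DNS label into its own dc=")
    non_dc = [rdn for rdn in rdns if not rdn.lower().startswith("dc=")]
    if len(non_dc) == 1 and non_dc[0].lower() == "ou=computers":
        warnings.append("the built-in Computers container is cn=Computers, not ou=")
    return warnings


if __name__ == "__main__":
    print(container_dn("houston.local", ["MyBusiness", "Computers", "SBSComputers"]))
    print(container_dn("napierbrown.co.uk", ["Computers"], default_container=True))
    for warning in lint_container_dn("ou=Computers,dc=napierbrown,dc=co.uk"):
        print("warning:", warning)
```

A DN that passes the lint can still fail if the object does not exist; the thread's "no such object" error stays the server's answer for that case.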
Rating comments in this legacy AppDeploy message board thread won't reorder them, so that the conversation will remain readable.