kellarm Posted May 12, 2009 Share Posted May 12, 2009 Im new to AutoIt\scripting and need to get a list of all users who are members of the Local Admin group. 1. We have found that the onsite techs have manually added users to the local admin group. 2. We cant really pull all those users out yet 3. Our domain has multiple OU's, so I just need them from my OU. 4. The OU has about 7k machines in it Has anybody done this\have a script created? Thanks Link to comment Share on other sites More sharing options...
spudw2k Posted May 12, 2009 Share Posted May 12, 2009 Has anybody done this\have a script created? ThanksI have made such a script. Very useful. Here's a simple function to do so. Requires admin rights (locally and remotely of course).- _GetLocalAdmins() Func _GetLocalAdmins($host = @ComputerName) Dim $filter[1] = ["group"] $colGroups = ObjGet("WinNT://" & $host & "") If Not IsObj($colGroups) Then Return 0 $colGroups.Filter = $filter For $objGroup In $colGroups If $objGroup.name = "Administrators" Then ConsoleWrite($host & @CRLF) For $objUser In $objGroup.Members ConsoleWrite("--" & $objUser.name & @CRLF) Next ConsoleWrite(@CRLF & @CRLF) EndIf Next EndFunc vCon and Synapsee 1 1 Spoiler Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of Cards ◊ HideIt ◊ ICU ◊ Icon Freezer ◊ Ipod Ejector ◊ Junos Configuration Explorer ◊ Link Downloader ◊ MD5 Folder Enumerator ◊ PassGen ◊ Ping Tool ◊ Quick NIC ◊ Read OCR ◊ RemoteIT ◊ SchTasksGui ◊ SpyCam ◊ System Scan Report Tool ◊ System UpTime ◊ Transparency Machine ◊ VMWare ESX Builder Misc Code Snippets: ADODB Example ◊ CheckHover ◊ Detect SafeMode ◊ DynEnumArray ◊ GetNetStatData ◊ HashArray ◊ IsBetweenDates ◊ Local Admins ◊ Make Choice ◊ Recursive File List ◊ Remove Sizebox Style ◊ Retrieve PNPDeviceID ◊ Retrieve SysListView32 Contents ◊ Set IE Homepage ◊ Tickle Expired Password ◊ Transpose Array Projects: Drive Space Usage GUI ◊ LEDkIT ◊ Plasma_kIt ◊ Scan Engine Builder ◊ SpeeDBurner ◊ SubnetCalc Cool Stuff: AutoItObject UDF ◊ Extract Icon From Proc ◊ GuiCtrlFontRotate ◊ Hex Edit Funcs ◊ Run binary ◊ Service_UDF Link to comment Share on other sites More sharing options...
Developers Jos Posted May 12, 2009 Developers Share Posted May 12, 2009 IsAdmin() ? Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
spudw2k Posted May 12, 2009 Share Posted May 12, 2009 IsAdmin() ?JosDoesn't enumerate all Local Admins. Just checks against running user privs....doesn't it? Spoiler Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of Cards ◊ HideIt ◊ ICU ◊ Icon Freezer ◊ Ipod Ejector ◊ Junos Configuration Explorer ◊ Link Downloader ◊ MD5 Folder Enumerator ◊ PassGen ◊ Ping Tool ◊ Quick NIC ◊ Read OCR ◊ RemoteIT ◊ SchTasksGui ◊ SpyCam ◊ System Scan Report Tool ◊ System UpTime ◊ Transparency Machine ◊ VMWare ESX Builder Misc Code Snippets: ADODB Example ◊ CheckHover ◊ Detect SafeMode ◊ DynEnumArray ◊ GetNetStatData ◊ HashArray ◊ IsBetweenDates ◊ Local Admins ◊ Make Choice ◊ Recursive File List ◊ Remove Sizebox Style ◊ Retrieve PNPDeviceID ◊ Retrieve SysListView32 Contents ◊ Set IE Homepage ◊ Tickle Expired Password ◊ Transpose Array Projects: Drive Space Usage GUI ◊ LEDkIT ◊ Plasma_kIt ◊ Scan Engine Builder ◊ SpeeDBurner ◊ SubnetCalc Cool Stuff: AutoItObject UDF ◊ Extract Icon From Proc ◊ GuiCtrlFontRotate ◊ Hex Edit Funcs ◊ Run binary ◊ Service_UDF Link to comment Share on other sites More sharing options...
Developers Jos Posted May 12, 2009 Developers Share Posted May 12, 2009 Doesn't enumerate all Local Admins. Just checks against running user privs....doesn't it?yep, only read the OP's post halve I guess SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
FATIHTALI Posted June 1, 2009 Share Posted June 1, 2009 (edited) Hello. It is great code. I need same code. I have tested it in Windows 7. It worked well. I need some informaition. I couldn't found in forum and help. I want to export this list to excel. In my programs I am using log file. xxx;xxx;xxx;xxx like that. How can I export that kind of result? When I use For i loop, can I write results to result1;result2;resul3 in a file..... Thanks. Edited June 1, 2009 by FATIHTALI Startup Agent It is my small Startup Agent. You can install programs on startup Domain pc without Admin rights. Link to comment Share on other sites More sharing options...
UEZ Posted June 1, 2009 Share Posted June 1, 2009 (edited) I've written long time ago a VBS to enumerate members from any local group recursively (maybe it is also usefull for you):expandcollapse popup'Coded by U. Zorlu v0.98 build 2008.05.23 'ListGroupMembership for servers recursively 'Syntax: LGM2.vbs <Servername> <local group> 'Check whether script is starting in cmd If instr( LCase(WScript.Fullname),"cscript.exe" ) = 0 Then WScript.Echo "This script must be run using cscript.exe from a command window." WScript.Quit() End If Set objArgs=WScript.Arguments If WScript.Arguments.count <1 or WScript.Arguments.count>3 Then WScript.Echo "Wrong parameter !" WScript.Echo "Syntax: cscript //nologo LGM2.vbs <Servername> <local group> <optional recursion: 0/1>" & vbCRLF WScript.Echo "<local group> = 'Administrators' as default, if no group is given!" & vbCRLF WScript.Echo "<optional recursion>: default=1 (on)" Wscript.Quit(1) End If If WScript.Arguments.count=1 Then strComputer=objArgs(0) strLGroup="Administrators" 'set Administrator as default group strRecursion=1 Else strComputer=objArgs(0) strLGroup=objArgs(1) strRecursion=1 End If 'turn off error handling On Error Resume Next If objArgs(2)=0 Then strRecursion=0 End If If Err.Number <> 0 Then strRecursion=1 Err.Clear End If 'turn on error handling On Error GoTo 0 'check whether host is online HostOnline (strComputer) Dim array, strArrUserLDAP, strDomainName 'recursion depth strDepth=0 'get LDAP domain name strLDAPDN=sDomain Call LGroup Sub LGroup ON ERROR RESUME NEXT Set objGroup=GetObject("WinNT://" & strComputer & "/" & strLGroup & ",group") 'if local group name doesn't exist or another error then printout error message If Err.Number <> 0 Then WScript.Echo vbCrLF & "ERROR:" WScript.Echo "The group name could not be found. Please check group name and restart" WScript.Echo "script again. Or you don't have enough permissions on destination system." WScript.Quit End If Err.Clear ON ERROR GOTO 0 'print out local group which should be listed WScript.Echo strDepth & ";" & strComputer & ";" & strLGroup For Each objUser in objGroup.Members 'WScript.Echo "ADsPath:" & objUser.ADsPath 'WScript.Echo "Name:" & objUser.Name 'WScript.Echo "Parent:" & objUser.Parent 'WScript.Echo "Class:" & objUser.Class 'WScript.Echo vbCrLf If LCase(objUser.Class)="group" Then 'WScript.Echo objUser.Name strDGLDAP=ADGName(objUser.Name) 'WScript.Echo strDGLDAP strDomainName=Split(objUser.Parent,"//") strDepth=strDepth+1 WScript.Echo iTab(strDepth) & strDepth & ";" & strComputer & ";" & strDomainName(1) & "\" & objUser.Name & ";group" 'get group members recursively If strRecursion=1 Then Call ADGMembers (strDGLDAP) End If Else If LCase(objUser.Class)="user" Then 'check whether object is a local user account If InStr(1,objUser.ADsPath, strComputer,1)<>0 Then strDepth=strDepth+1 WScript.Echo iTab(strDepth) & strDepth & ";" & strComputer & ";" & strComputer & "\" & objUser.Name & ";" & objUser.FullName & ";local user account" Else 'check whether user is only a sid number If InStr (1,objUser.ADsPath, "WinNT://S-1-",1)<>0 Then strObjInfo=objUser.Name strDepth=strDepth+1 WScript.Echo iTab(strDepth) & strDepth & ";" & strComputer & ";" & objUser.Name & ";" & "SID" Else 'get user information if available 'get LDAP path of user strULDAP=ADUName(objUser.Name) If strULDAP<>"" Then 'user information available strDomainName=Split(objUser.Parent,"//") strObjInfo=UserInfoAD (Left (strULDAP,(InStr(1,strULDAP,strLDAPDN,1))-2),strUserName) strDepth=strDepth+1 WScript.Echo iTab(strDepth) & strDepth & ";" & strComputer & ";" & strDomainName(1) & "\" & strObjInfo Else If strULDAP="" Then 'no user information available strDomainName=Split(objUser.Parent,"//") strObjInfo=objUser.Name strDepth=strDepth+1 WScript.Echo iTab(strDepth) & strDepth & ";" & strComputer & ";" & strDomainName(1) & "\" & strObjInfo & ";;;user" End If End If End If End If End If End If strDepth=strDepth-1 Next End Sub 'read membership of AD group recursively Sub ADGMembers (strG) On Error Resume Next Set objGroup=GetObject ("LDAP://" & strG & " ") objGroup.GetInfo 'check whether group membership can be read If Err.Number<>0 Then strDepth=strDepth+1 WScript.Echo iTab(strDepth) & strDepth & ";Error reading group membership!" strDepth=strDepth-2 End If Err.Clear 'start listing of group membership For Each strMember in objGroup.Members 'check whether AD object is a user If strMember.Class="user" Then 'increase strDepth strDepth=strDepth+1 'get LDAP path of user strArrUserLDAP=Split (strMember.ADsPath,"//") 'get AD user id strUserName=Split (strMember.Name,"=") 'get AD user info and print out info strObjInfo=UserInfoAD (Left ((strArrUserLDAP (1)),(InStr(1,strArrUserLDAP (1),strLDAPDN,1))-2),strUserName(1)) 'print out info strPos1=InStr (1, strMember.ADsPath, "DC=",1) strPos2=InStr (strPos1+1, strMember.ADsPath, ",",1) strShortDN=LCase(Mid (strMember.ADsPath, strPos1+3, (strPos2)-(strPos1+3))) & "\" If strObjInfo<>"" Then WScript.Echo iTab(strDepth) & strDepth & ";" & strShortDN & strObjInfo Else 'Print out user accounts from other domain and remove "\" from output string WScript.Echo iTab(strDepth) & strDepth & ";" & strShortDN & Replace(strUserName (1), "\,", ",") End If End If 'check whether AD object is a user or a group If strMember.Class="group" Then 'increase strDepth strDepth=strDepth+1 'get short domain name; search for 1 DC to get short domain name strPos1=InStr (1, strMember.ADsPath, "DC=",1) strPos2=InStr (strPos1+1, strMember.ADsPath, ",",1) strShortDN=UCase(Mid (strMember.ADsPath, strPos1+3, (strPos2)-(strPos1+3))) & "\" 'get AD group name strGroupName=Split (strMember.Name,"=") 'Print out info WScript.Echo iTab(strDepth) & strDepth & ";" & strShortDN & strGroupName (1) & ";" & strMember.Class 'get LDAP path for recursion strTemp=Split (strMember.ADsPath,"//") Call ADGMembers (strTemp(1)) End If 'in any case that the recursion reachs level 0 again terminate script If strDepth<=0 Then WScript.Echo "Recursion error! Terminating." WScript.Quit (1) End If 'decrease resursions depth when class is only 'user' or 'group' otherwise recursions depth will be negative If LCase(strMember.Class)="user" or LCase(strMember.Class)="group" Then strDepth=strDepth-1 End If Next End Sub 'get username and mail information if exists Function UserInfoAD (strADName, strUID) ON ERROR RESUME NEXT Set objRootDSE=GetObject("LDAP://rootDSE") If strADName="" Then Set objItem=GetObject("LDAP://" & objRootDSE.Get("defaultNamingContext")) Else Set objItem=GetObject("LDAP://" & strADName & "," & objRootDSE.Get("defaultNamingContext")) End If 'WScript.Echo vbCrLf & vbCrLf & "GivenName:" & objItem.Get("givenname") 'WScript.Echo "Name:" & objItem.Get("name") 'WScript.Echo "UserID:" & objItem.Get("userprincipalname") 'WScript.Echo "LoginName:" & objItem.Get("samaccountname") 'WScript.Echo "given UID:" & strUID 'WScript.Echo "Initials:" & objItem.Get("initials") 'WScript.Echo "LastName:" & objItem.Get("sn") 'WScript.Echo "DisplayName:" & objItem.Get("displayName") 'WScript.Echo "Description:" & objItem.Get("description") & vbCrLf & vbCrLf 'WScript.Echo "Never Expires: " & objItem.Get("useraccountcontrol") 'save user login id strUserID=objItem.Get("samaccountname") 'save full name strDisplayName=objItem.Get("displayname") 'save email address if available strmail=objItem.Get("mail") 'set print out string UserInfoAD=strUserID & ";" & strDisplayName & ";" & strmail & ";user" End Function 'Get LDAP path for group Function ADGName (strGrp) 'WScript.Echo strGrp ON ERROR RESUME NEXT Const ADS_SCOPE_SUBTREE=2 Set objConnection=CreateObject("ADODB.Connection") Set objCommand= CreateObject("ADODB.Command") objConnection.Provider="ADsDSOObject" objConnection.Open "Active Directory Provider" Set objCommand.ActiveConnection=objConnection objCommand.Properties("Page Size")=50000 objCommand.Properties("Searchscope")=ADS_SCOPE_SUBTREE objCommand.CommandText=_ "SELECT distinguishedName FROM 'LDAP://" & strLDAPDN & "'" & " " & _ "WHERE objectCategory='group' " & _ "AND Name='" & strGrp & "'" & "OR sAMAccountName='" & strGrp & "'" Set objRecordSet=objCommand.Execute objRecordSet.MoveFirst Do Until objRecordSet.EOF strDN=objRecordSet.Fields("distinguishedName").Value ADGName=strDN objRecordSet.MoveNext Loop End Function 'Get LDAP path for user Function ADUName (strUsr) ON ERROR RESUME NEXT Const ADS_SCOPE_SUBTREE=2 Set objConnection=CreateObject("ADODB.Connection") Set objCommand=CreateObject("ADODB.Command") objConnection.Provider="ADsDSOObject" objConnection.Open "Active Directory Provider" Set objCommand.ActiveConnection=objConnection objCommand.Properties("Page Size")=50000 objCommand.Properties("Searchscope")=ADS_SCOPE_SUBTREE objCommand.CommandText=_ "SELECT distinguishedName FROM 'LDAP://" & strLDAPDN & "'" & " " & _ "WHERE objectCategory='user' " & _ "AND SAMAccountName='" & strUsr & "'" Set objRecordSet=objCommand.Execute objRecordSet.MoveFirst Do Until objRecordSet.EOF strDN=objRecordSet.Fields("distinguishedName").Value ADUName=strDN objRecordSet.MoveNext Loop End Function 'get actual domain name space Function sDomain ON ERROR RESUME NEXT Set oConnAD=CreateObject("ADODB.Connection") Set oCommAD=CreateObject("ADODB.Command") oConnAD.Open "Provider=ADSDSOObject" Set oCommAD.ActiveConnection=oConnAD oCommAD.Properties("Page Size")=500000 Set oRoot=GetObject("LDAP://RootDSE") sDomain=oRoot.Get("DefaultNamingContext") End Function 'insert tabs Function iTab (i) strTab="" For x=1 to i strTab=strTab & vbTab Next iTab=strTab End Function Function HostOnline (strHost) 'Check whether server is online strOnline=1 Set objPing = GetObject("winmgmts:{impersonationLevel=impersonate}")._ ExecQuery("select StatusCode from Win32_PingStatus where address = '"_ & strHost & "'") For Each objStatus in objPing If IsNull(objStatus.StatusCode) or objStatus.StatusCode<>0 Then WScript.Echo vbCrLf & "Server " & strComputer & " is not reachable" strOnline=0 End If Next 'If offline then exit If strOnline=0 Then WScript.Quit(1) End If End FunctionYou can try to convert it to AU3 (currently I'm too lazy to do it). Further you can check SIC2 which creates alike output files you mentioned!Slm,UEZPS: I've also a VBS for enumerating the members of an AD group recursively (similar to the vbs above). So if somebody is interessted in that script write me a pm! Edited June 1, 2009 by UEZ Please don't send me any personal message and ask for support! I will not reply! Selection of finest graphical examples at Codepen.io The own fart smells best! ✌Her 'sikim hıyar' diyene bir avuç tuz alıp koşma!¯\_(ツ)_/¯ ٩(●̮̮̃•̃)۶ ٩(-̮̮̃-̃)۶ૐ Link to comment Share on other sites More sharing options...
FATIHTALI Posted June 2, 2009 Share Posted June 2, 2009 Im new to AutoIt\scripting and need to get a list of all users who are members of the Local Admin group.1. We have found that the onsite techs have manually added users to the local admin group.2. We cant really pull all those users out yet3. Our domain has multiple OU's, so I just need them from my OU.4. The OU has about 7k machines in itHas anybody done this\have a script created?ThanksI could write list to file. In all most computer it worked well. but some computer wrong. Result is under. anyone has got any idea? Administrator;18CLIENTADM;Administrator;Administrator;18CLIENTADM;18CLIENTADM;Domain Admins;Domain Admins;ARG055DTWS Startup Agent It is my small Startup Agent. You can install programs on startup Domain pc without Admin rights. Link to comment Share on other sites More sharing options...
rudi Posted June 2, 2009 Share Posted June 2, 2009 Hi. I've written long time ago a VBS to enumerate members from any local group recursively (maybe it is also usefull for you): 'Coded by U. Zorlu v0.98 build 2008.05.23 'ListGroupMembership for servers recursively 'Syntax: LGM2.vbs <Servername> <local group> <snip> If WScript.Arguments.count=1 Then strComputer=objArgs(0) strLGroup="Administrators" 'set Administrator as default group strRecursion=1 Else This will address the group "Administrators" for English Windows installations. IIRC the buildin objects always have exactly the same (relative) UID within a given Windows installation: 1.) Administrator 2.) local group of "Administrators" 3.) user "Guest" 4.) local group "Guests" The name for all but 1.) can vary depending on the localisation of the Windows installlation: In German e.g. its "Administrator", "Administratoren", "Gast","Gäste". So a question I couldn't answer so far is: HOWTO address the buildin groups and users WITHOUT using their literal names? For example by using some alias, the relative UID, or any other way that will be the same, no matter what's the local language of this Windows installation? Regards, Rudi. Earth is flat, pigs can fly, and Nuclear Power is SAFE! Link to comment Share on other sites More sharing options...
UEZ Posted June 2, 2009 Share Posted June 2, 2009 (edited) Hi.This will address the group "Administrators" for English Windows installations. IIRC the buildin objects always have exactly the same (relative) UID within a given Windows installation:1.) Administrator2.) local group of "Administrators"3.) user "Guest"4.) local group "Guests"The name for all but 1.) can vary depending on the localisation of the Windows installlation: In German e.g. its "Administrator", "Administratoren", "Gast","Gäste".So a question I couldn't answer so far is: HOWTO address the buildin groups and users WITHOUT using their literal names? For example by using some alias, the relative UID, or any other way that will be the same, no matter what's the local language of this Windows installation?Regards, Rudi.We are working only with US versions and thus I coded it in US version only. Feel free to modify the code. As fas as I can remember there are different SIDs representing the build-in groups -> http://support.microsoft.com/kb/243330. You need to modify the code appropriately.It should also work for non US version if you enter the group name explicit, e.g. for German version: cscript LGM2.vbs //nologo localhost administratorenIf you leave the group name empty then it will not work with the default group "Administrators" for non US versions!UEZ Edited June 2, 2009 by UEZ Please don't send me any personal message and ask for support! I will not reply! Selection of finest graphical examples at Codepen.io The own fart smells best! ✌Her 'sikim hıyar' diyene bir avuç tuz alıp koşma!¯\_(ツ)_/¯ ٩(●̮̮̃•̃)۶ ٩(-̮̮̃-̃)۶ૐ Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now