Archive - July 2009




How To Enumerate Local Admin Members

So my manager comes to me asking for a report with the local admin members for all
workstations on our network, which is thousands of computers. We are realizing the
security risks of having so many unknown members of the local admin group. So now
we gather the information and begin removing members that do not need to be a part
of the local admin group.

Here are our specs:


Query the local admin group
Output results to log file, to be imported into Excel spreadsheet
Log if workstation is offline
Must be coded and report compiled in 1 day

For those of you who need to run such a report that enumerates all members of the local
admin group, enterprise wide, this is what you're looking for. I am going to modify the code
to make it a comma-delimited file, but for right now it outputs to a text file, separated by
carriage return or character ^13 if you would like to replace it with commas manually. The
comma-separated file will serve you better when importing into an Excel spreadsheet.



Script:

' ******************************************************************
' Script Language: VBScript
' Script Name: LocalAdminMembers.vbs
' Purpose: QUERIES LOCAL ADMIN GROUP FOR MEMBERS
' Creation Date: 07/27/09
' Last Modified:
' Author: EDDIE JACKSON
' E-Mail: MrNetTek2000@yahoo.com
'*******************************************************************

On Error Resume Next
Const ForWriting = 2
Const ADS_SCOPE_SUBTREE = 2

' Variable for admin group name, modify this
' variable if the Administrators group has
' been renamed.
strAdminGroup = "Administrators"
' Format date/time stamp for output file
strTimeDate = Year(Date) & "-" & Month(Date) & "-" & Day(Date) & "~~" & Hour(Time) & "-" & Minute(Time)
' Output file name and path
strLogFile = "C:\adminaccounts-" & strTimeDate & ".txt"

' Create log file
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strLogFile, ForWriting, True)

' Connect to domain and collect computer accounts
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
Set objRootDSE = GetObject("LDAP://RootDSE")
' Note the leading space before WHERE so the clause is separated from the quoted path
objCommand.CommandText = _
    "SELECT Name, Location FROM 'LDAP://" & objRootDSE.Get("defaultNamingContext") & "'" & _
    " WHERE objectClass='computer'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst

' Output domain computer accounts, connect to each
' computer, and enumerate admin account members
Do Until objRecordSet.EOF
    strComputer = objRecordSet.Fields("Name").Value
    objFile.WriteLine "System: " & strComputer
    ' Clear any earlier error so the check below reflects this GetObject call only
    Err.Clear
    Set objGroup = GetObject("WinNT://" & strComputer & "/" & strAdminGroup)
    If Err.Number <> 0 Then
        ' Log workstations that are offline or refuse the connection
        objFile.WriteLine "*** System Unreachable ***"
        Err.Clear
    Else
        For Each member In objGroup.Members
            objFile.WriteLine member.Name
        Next
    End If
    objRecordSet.MoveNext
    ' Blank line separates one system's block from the next
    objFile.WriteLine
Loop

' Flush the log to disk and release the directory connection
objFile.Close
objConnection.Close
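
Added example (not part of the original script or the author's code): a Python post-processor that turns the text log written by the script above into CSV rows for Excel and lists members that fall outside an approved baseline. The sample log, host names, account names and the baseline are constructed for illustration.

```python
import csv
import io

UNREACHABLE = "*** System Unreachable ***"

# Constructed sample in the layout LocalAdminMembers.vbs writes
SAMPLE_LOG = """\
System: WKS-0001
Administrator
Domain Admins
jsmith

System: WKS-0002
*** System Unreachable ***

System: WKS-0003
Administrator
"""

def parse_log(text):
    """Return (computer, member, status) rows from the script's text log."""
    rows, computer, count = [], None, 0

    def close_block():
        # A "System:" line with nothing under it: record it instead of dropping it
        if computer is not None and count == 0:
            rows.append((computer, "", "empty"))

    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("System: "):
            close_block()
            computer, count = line[len("System: "):], 0
        elif line and computer is not None:
            status = "unreachable" if line == UNREACHABLE else "ok"
            rows.append((computer, "" if status == "unreachable" else line, status))
            count += 1
    close_block()
    return rows

def unexpected(rows, baseline):
    """Members outside the approved baseline, compared case-insensitively."""
    allowed = {name.lower() for name in baseline}
    return [(c, m) for c, m, s in rows if s == "ok" and m.lower() not in allowed]

def to_csv(rows):
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")  # quotes names containing commas
    writer.writerow(["Computer", "Member", "Status"])
    writer.writerows(rows)
    return buf.getvalue()
```

Unreachable workstations stay in the CSV with their own status, so they can be re-queried later rather than being mistaken for machines with no extra admins.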

