I am looking for a script that I can run that will search
all computers in my Windows 2000 domain, display the
username logged on and see if that user has local admin
rights to his local machine.

Any help?

Thanks

RE: Scripting for local user admin by PeterLundin

PeterLundin
Mon Apr 04 10:23:07 CDT 2005

You could use WMI to determine logged on user on a specific computer:
-------------
' Replace with the name of the computer to query
strComputer = "computerName"
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set colComputer = objWMIService.ExecQuery _
    ("Select * from Win32_ComputerSystem")

For Each objComputer in colComputer
    Wscript.Echo "Logged-on user: " & objComputer.UserName
Next
-----------------
And the WinNT provider to enumerate users in local admin and see if you
get a match for a specific username:
---------------
Set oNet = WScript.CreateObject("WScript.Network")
Set oGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
For Each item In oGroup.Members
    ' "logged on user" is a placeholder for the user name found above
    If item.name = "logged on user" Then
        Wscript.Echo "Logged on user is member of local admin"
    End if
Next
----------------

With those samples you should be able to write your own script, which for
example could read computer names from a text file, check current logged on
user and then check if current logged on user is member of local admin.

Regards,
Peter

"zod" wrote:

> I am looking for a script that I can run that will search
> all computers in my windows 2000 domain, display the
> username logged on and see if that user has local admin
> rights to his local machine
>
> Any help?
>
> Thanks

Re: Scripting for local user admin by Torgeir

Torgeir
Mon Apr 04 12:36:52 CDT 2005

Peter Lundin wrote:

> You could use WMI to determine logged on user on a specific computer:
> -------------
> strComputer = "computerName"
> Set objWMIService = GetObject("winmgmts:" _
> & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
>
> Set colComputer = objWMIService.ExecQuery _
> ("Select * from Win32_ComputerSystem")
>
> For Each objComputer in colComputer
> Wscript.Echo "Logged-on user: " & objComputer.UserName
> Next
> (snip)

Hi

Many have reported that Win32_ComputerSystem.UserName only works if the
user on the remote computer has administrator rights on that computer.

Obtaining the owner of the explorer.exe process should work better:

'--------------------8<----------------------

sUser = ConsoleUser(".") ' use "." for local computer

MsgBox "Console user: " & sUser, _
    vbInformation + vbSystemModal, "Get user name"


Function ConsoleUser(sHost)
    ' Returns name of user logged on to console
    ' If no users are logged on, returns ""
    Dim oWMI, colProc, oProcess, sUser, sDomain, lRet
    Set oWmi = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate,(debug)}!\\" _
        & sHost & "\root\cimv2")

    Set colProc = oWmi.ExecQuery("Select Name from Win32_Process" _
        & " Where Name='explorer.exe' and SessionID=0")

    ConsoleUser = ""
    For Each oProcess In colProc
        ' GetOwner returns 0 on success and fills in sUser and sDomain
        lRet = oProcess.GetOwner(sUser, sDomain)
        If lRet = 0 Then
            ConsoleUser = sUser
        End If
    Next
End Function
'--------------------8<----------------------


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx

Re: Scripting for local user admin by PeterLundin

PeterLundin
Tue Apr 05 01:57:04 CDT 2005

Ok. Thanks for pointing that out Torgeir!

//Peter

RE: Scripting for local user admin by zod

zod
Tue Apr 05 10:06:20 CDT 2005

Thanks a lot I will give it a shot

Cheers



Re: Scripting for local user admin by billy

billy
Sun Apr 10 20:22:01 CDT 2005

I wrote a complete auditing program using VBScript that I think is as
good as anything commercial. Here are some snippets on how I gathered
this information.

I found getting the current user from the registry to be more reliable
(I always got a value with this method, not so with WMI). Also,
.ADsPath will get you the logon domain - which is important for telling
the difference between a local account and a domain account.


'start with a loop of your choice to set CompName

Set WshShell = CreateObject("WScript.Shell")

'to get current user, read the registry on the computer
'(WshShell.RegRead reads the registry of the machine the script runs on):
InfoPath = "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"
UserID = WshShell.RegRead(InfoPath & "DefaultDomainName") & "/" _
    & WshShell.RegRead(InfoPath & "DefaultUserName")

'to get all admins:
Set objLocalAdminGroup = GetObject("WinNT://" & CompName & _
    "/Administrators")
For Each objLocalAdmin In objLocalAdminGroup.Members
    'strip the leading "WinNT://" to leave domain/user
    AdminID = Mid(objLocalAdmin.ADsPath,9)
    If AdminID = UserID Then
        'do something
    End If
Next

'complete loop


zod wrote:
> I am looking for a script that I can run that will search
> all computers in my windows 2000 domain, display the
> username logged on and see if that user has local admin
> rights to his local machine
>
> Any help?
>
> Thanks
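
The pieces discussed in this thread, combined into one audit script. This is an added example, not code from any of the posters: it takes the owner of explorer.exe as the logged-on user, enumerates the local Administrators group through the WinNT provider, and compares on the domain-qualified ADsPath. The host list `aHosts` is constructed sample input, the names `AuditHost` and `AdminStatus` are hypothetical, and the one-level check for membership through a group placed in Administrators goes beyond what the thread covers.

```vbscript
Option Explicit
' aHosts is a constructed sample list; "." is the local computer.
Dim aHosts, sHost
aHosts = Array(".")
For Each sHost In aHosts
    AuditHost sHost
Next

Sub AuditHost(sHost)
    Dim oWmi, colProc, oProc, sUser, sDomain, sName
    sName = sHost
    If sName = "." Then sName = CreateObject("WScript.Network").ComputerName
    On Error Resume Next
    Set oWmi = GetObject("winmgmts:{impersonationLevel=impersonate,(debug)}!\\" _
        & sHost & "\root\cimv2")
    If Err.Number <> 0 Then
        WScript.Echo sName & ": WMI connection failed: " & Err.Description
        Exit Sub
    End If
    On Error GoTo 0
    ' No SessionID filter: on Windows Vista and later session 0 is not interactive.
    Set colProc = oWmi.ExecQuery("Select * from Win32_Process Where Name='explorer.exe'")
    For Each oProc In colProc
        If oProc.GetOwner(sUser, sDomain) = 0 Then
            WScript.Echo sName & ": " & sDomain & "\" & sUser & " -> " _
                & AdminStatus(sName, sDomain, sUser)
        End If
    Next
End Sub

Function AdminStatus(sName, sDomain, sUser)
    Dim oGroup, oMember, sTail, bNested
    ' Member paths end in /DOMAIN/user or /COMPUTER/user, so compare that tail.
    sTail = LCase("/" & sDomain & "/" & sUser)
    AdminStatus = "not a local admin"
    Set oGroup = GetObject("WinNT://" & sName & "/Administrators,group")
    For Each oMember In oGroup.Members
        If LCase(Right(oMember.ADsPath, Len(sTail))) = sTail Then
            AdminStatus = "local admin (direct member)"
            Exit Function
        ElseIf LCase(oMember.Class) = "group" Then
            bNested = False
            On Error Resume Next ' some built-in principals cannot be queried
            bNested = oMember.IsMember("WinNT://" & sDomain & "/" & sUser)
            On Error GoTo 0
            If bNested Then AdminStatus = "local admin (via " & oMember.Name & ")"
        End If
    Next
End Function
```

Run it with `cscript` so each result is written to the console instead of a message box; replace the contents of `aHosts` with the computer names to audit.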