Can WINNT:// or Winnmgnts: read accounts from a domian controller?

TheMSsForum.com: The Microsoft Software Forum

I use Torgeir Bakken's script ( modified) to query only local administrator
on servers
(NT/win2k/win2k3). However, when a remote server is a domain controller,
I get the information of the domain enterprise administor account, instead
of the local administrator. I think I should not get anything on a remote DC
since SAM is looked out on a DC.
Why?

Also I try to use example 2 to query all local user accounts. Again, when a
remote server is a domain controller, I get all domain user accounts out.
Why?

**********Example 1 Begin **********
On Error Resume Next

strComputer = Wscript.Arguments(0)
strComputerNo = Wscript.Arguments(1)

Set objWMIService = GetObject("winmgmts:{impersonationlevel=impersonate}!\\"
& strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery _
("Select * from Win32_UserAccount")
If Err <> 0 Then
Wscript.Echo strComputerNo & "," & strComputer & "," & Err.number & "," &
Err.Description
Wscript.Quit
End If
For Each objItem in colItems
' determine local administrator name by its SID
'If Left(objItem.SID, 9) = "S-1-5-21-" AND Right(objItem.SID, 4) =
"-500" Then
Wscript.Echo strComputerNo & "," & strComputer & "," & _
"Local administrator name:" & objItem.Name & "," & _
"Account Type: " & objItem.AccountType & "," & _
"Caption: " & objItem.Caption & "," & _
"Description: " & objItem.Description & "," & _
"Disabled: " & objItem.Disabled & "," & _
"Domain: " & objItem.Domain & "," & _
"Full Name: " & objItem.FullName & "," & _
"Lockout: " & objItem.Lockout & "," & _
"Password Changeable: " & objItem.PasswordChangeable & "," & _
"Password Expires: " & objItem.PasswordExpires & "," & _
"Password Required: " & objItem.PasswordRequired & "," & _
"SID Type: " & objItem.SIDType & "," & _
"Status: " & objItem.Status
'Exit For
'End If
Next

**********Example 1 End **********

**********Example 2 Begin **********
Set objNetwork = CreateObject("Wscript.Network")
strComputer = Wscript.Arguments(0)
'strComputer = objNetwork.ComputerName
Set colAccounts = GetObject("WinNT://" & strComputer & "")
colAccounts.Filter = Array("user")
For Each objItem In colAccounts
Wscript.Echo strComputer & "," & _
objItem.Name & "," & _
objItem.Description
Next
**********Example 2 End **********
"Torgeir Bakken (MVP)" <Torgeir.Bakken-spam@hydro.com> wrote in message
news:OT8lFxoIFHA.2356@TK2MSFTNGP12.phx.gbl...
> Wensi Peng wrote:
>
> > Is it possible to change the password of the local administrator
> > with GPO too?
> Hi
>
> You could do it in a computer startup script (with a GPO) that runs
> as part of the boot up process (before the user logs in).
>
> More here:
>
http://groups.google.co.uk/groups?selm=ewm7dAwCFHA.3740%40TK2MSFTNGP09.phx.gbl
>
>
> --
> torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
> Administration scripting examples and an ONLINE version of
> the 1328 page Scripting Guide:
> http://www.microsoft.com/technet/scriptcenter/default.mspx
Top

Re: Can WINNT:// or Winnmgnts: read accounts from a domian controller? by Wensi

Wensi
Sun Mar 13 01:52:51 CST 2005

I found the answer from MS link.
http://dev.coadmin.dk/Resources/ADSI%20SDK%205%20HTML/winnt.htm#user_acct_unlock
"Wensi Peng" <wensi_peng@hotmail.com> wrote in message
news:OoSsMk4JFHA.2428@TK2MSFTNGP10.phx.gbl...
>I use Torgeir Bakken's script ( modified) to query only local
>administrator on servers
> (NT/win2k/win2k3). However, when a remote server is a domain controller,
> I get the information of the domain enterprise administor account, instead
> of the local administrator. I think I should not get anything on a remote
> DC
> since SAM is looked out on a DC.
> Why?
>
> Also I try to use example 2 to query all local user accounts. Again, when
> a
> remote server is a domain controller, I get all domain user accounts out.
> Why?
>
> **********Example 1 Begin **********
> On Error Resume Next
>
> strComputer = Wscript.Arguments(0)
> strComputerNo = Wscript.Arguments(1)
>
> Set objWMIService =
> GetObject("winmgmts:{impersonationlevel=impersonate}!\\"
> & strComputer & "\root\cimv2")
> Set colItems = objWMIService.ExecQuery _
> ("Select * from Win32_UserAccount")
> If Err <> 0 Then
> Wscript.Echo strComputerNo & "," & strComputer & "," & Err.number & ","
> &
> Err.Description
> Wscript.Quit
> End If
> For Each objItem in colItems
> ' determine local administrator name by its SID
> 'If Left(objItem.SID, 9) = "S-1-5-21-" AND Right(objItem.SID, 4) =
> "-500" Then
> Wscript.Echo strComputerNo & "," & strComputer & "," & _
> "Local administrator name:" & objItem.Name & "," & _
> "Account Type: " & objItem.AccountType & "," & _
> "Caption: " & objItem.Caption & "," & _
> "Description: " & objItem.Description & "," & _
> "Disabled: " & objItem.Disabled & "," & _
> "Domain: " & objItem.Domain & "," & _
> "Full Name: " & objItem.FullName & "," & _
> "Lockout: " & objItem.Lockout & "," & _
> "Password Changeable: " & objItem.PasswordChangeable & "," & _
> "Password Expires: " & objItem.PasswordExpires & "," & _
> "Password Required: " & objItem.PasswordRequired & "," & _
> "SID Type: " & objItem.SIDType & "," & _
> "Status: " & objItem.Status
> 'Exit For
> 'End If
> Next
>
> **********Example 1 End **********
>
> **********Example 2 Begin **********
> Set objNetwork = CreateObject("Wscript.Network")
> strComputer = Wscript.Arguments(0)
> 'strComputer = objNetwork.ComputerName
> Set colAccounts = GetObject("WinNT://" & strComputer & "")
> colAccounts.Filter = Array("user")
> For Each objItem In colAccounts
> Wscript.Echo strComputer & "," & _
> objItem.Name & "," & _
> objItem.Description
> Next
> **********Example 2 End **********
> "Torgeir Bakken (MVP)" <Torgeir.Bakken-spam@hydro.com> wrote in message
> news:OT8lFxoIFHA.2356@TK2MSFTNGP12.phx.gbl...
>> Wensi Peng wrote:
>>
>> > Is it possible to change the password of the local administrator
>> > with GPO too?
>> Hi
>>
>> You could do it in a computer startup script (with a GPO) that runs
>> as part of the boot up process (before the user logs in).
>>
>> More here:
>>
> http://groups.google.co.uk/groups?selm=ewm7dAwCFHA.3740%40TK2MSFTNGP09.phx.gbl
>>
>>
>> --
>> torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
>> Administration scripting examples and an ONLINE version of
>> the 1328 page Scripting Guide:
>> http://www.microsoft.com/technet/scriptcenter/default.mspx
>
>
>


Top