
Local Admin audit on workstations

I have been given the task to find a way to check who has local admin rights on our workstations. I have done some research and there are bits of code which can accomplish this. I must admit scripting is not one of my strengths. Here are a few approaches I am pondering on:

- VB script, set as a computer startup script in AD. Whenever the computer starts up, it will run the script and dump out the results on the local drive and on a network share (just like the MS04-028 scanning tool w/o SMS does).

- KIX script/Logon script, dump the results to the network share

- VB script to do online scanning of a list of PC names or the domain


Answers (16)

Posted by: pjohnson 16 years ago
Orange Belt
0
Here is what we came up with this afternoon, that I would like to share. This script can scan all computers which are currently online in a specified OU.

You will see the progress in the DOS box while the script is running. The log file is created in the same directory as where the script is run.

Once you have the log file, you can open it in Excel and manipulate the data. (Tip: use AutoFilter in Excel)


Dim strComputer, colPingedComputers, strComputerContainer, objContainer
Dim strLogFile, strLocalAdminGroup, objFSO, objLogFile, objComputer
' Second argument of CreateTextFile: False = do not overwrite an existing log
Const NO_OVERWRITE = False
' Change this to the OU you would like to check
strComputerContainer = "ou=computers,dc=domain,dc=com"
Set objContainer = GetObject("LDAP://" & strComputerContainer)
objContainer.Filter = Array("Computer")
' The log file will be created in the same location as the script
strLogFile = "LocalAdmins.LOG"
' Enumerate the local group 'Administrators'. This can be changed, e.g. Power Users, Network Configuration Operators
strLocalAdminGroup = "Administrators"
Set objFSO = CreateObject("Scripting.FileSystemObject")
On Error Resume Next
Set objLogFile = objFSO.CreateTextFile(strLogFile, NO_OVERWRITE)
If Err.Number <> 0 Then
    ' Before running the script, make sure the log file does NOT exist, otherwise the script will stop
    WScript.Echo "Cannot create " & strLogFile & " -OR- " & strLogFile & " already exists."
    WScript.Quit
End If
On Error GoTo 0
objLogFile.WriteLine("**************** Started at " & Now() & " ****************")
objLogFile.WriteLine()
objLogFile.WriteLine("Machine Name,Local Administrators")
On Error Resume Next
For Each objComputer In objContainer
    ' objComputer.Name is "CN=HOSTNAME"; keep only the host name
    strComputer = Split(objComputer.Name, "=")(1)
    Call GetLocalAdmins(strComputer)
Next
objLogFile.WriteLine()
objLogFile.WriteLine("**************** Finished at " & Now() & " ****************")
objLogFile.Close
'-=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=-
' SUB GetLocalAdmins
' purpose: Retrieve list of local administrators from online machines
' input: HostName (a machine name)
' output: results are echoed on screen and saved in strLogFile
' notes: uses Win32_PingStatus class ("strPinger" must be XP or 2003)
'-=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=-
Sub GetLocalAdmins(HostName)
    Dim strPinger, objPing, objLocalAdminGroup, objLocalAdmin
    ' Handle errors here; otherwise an error would abort the whole Sub and the host would be skipped silently
    On Error Resume Next
    strPinger = "."
    Set colPingedComputers = GetObject("winmgmts:{impersonationLevel=impersonate}//" & strPinger & "/root/cimv2").ExecQuery("SELECT * FROM Win32_PingStatus WHERE Address = '" & HostName & "'")
    For Each objPing In colPingedComputers
        If objPing.StatusCode = 0 Then
            WScript.Echo "Processing " & HostName
            Err.Clear
            Set objLocalAdminGroup = GetObject("WinNT://" & HostName & "/" & strLocalAdminGroup & ",group")
            If Err.Number <> 0 Then
                ' Typically access denied or RPC blocked by a firewall: record it instead of skipping the host
                objLogFile.WriteLine(HostName & ",<error " & Hex(Err.Number) & ": " & Err.Description & ">")
                Err.Clear
            Else
                For Each objLocalAdmin In objLocalAdminGroup.Members
                    objLogFile.WriteLine(HostName & "," & objLocalAdmin.Name)
                Next
                Set objLocalAdminGroup = Nothing
            End If
        Else
            WScript.Echo HostName & " Offline"
            objLogFile.WriteLine(HostName & " Offline")
        End If
    Next
End Sub
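A present-day PowerShell equivalent of the VBScript above, added here as an example and not part of pjohnson's post. It assumes the RSAT ActiveDirectory module, an account that may read local groups on the targets (via the same WinNT ADSI provider the VBScript uses), and the placeholder values $SearchBase and $Expected.

```powershell
# Added example, not part of the original thread: PowerShell version of the audit.
# Assumes the RSAT ActiveDirectory module and an account that is allowed to read
# local groups on the targets (WinNT ADSI provider, the same route the VBScript uses).
param(
    [string]$SearchBase = "OU=Workstations,DC=example,DC=com",  # placeholder OU
    [string]$GroupName  = "Administrators",
    [string]$LogFile    = ".\LocalAdmins.csv"
)
Import-Module ActiveDirectory

# Members that belong on every workstation; anything else is worth a look.
$Expected = @("Administrator", "Domain Admins")                # placeholder list

function Get-RemoteGroupMember {
    param([string]$ComputerName, [string]$Group)
    $grp = [ADSI]"WinNT://$ComputerName/$Group,group"
    foreach ($m in @($grp.psbase.Invoke("Members"))) {
        $name = $m.GetType().InvokeMember("Name",    "GetProperty", $null, $m, $null)
        $path = $m.GetType().InvokeMember("ADsPath", "GetProperty", $null, $m, $null)
        # ADsPath is WinNT://DOMAIN/name for domain principals, WinNT://HOST/name for local ones
        $source = (($path -replace "^WinNT://", "") -split "/")[0]
        [pscustomobject]@{
            Computer = $ComputerName; Member = $name; Source = $source
            Unexpected = -not ($Expected -contains $name)
        }
    }
}

$results = foreach ($c in Get-ADComputer -Filter * -SearchBase $SearchBase) {
    if (-not (Test-Connection -ComputerName $c.Name -Count 1 -Quiet)) {
        [pscustomobject]@{ Computer = $c.Name; Member = "<offline>"; Source = ""; Unexpected = $false }
        continue
    }
    try   { Get-RemoteGroupMember -ComputerName $c.Name -Group $GroupName }
    catch {
        # Access denied or RPC blocked: record it rather than silently skipping the host
        [pscustomobject]@{ Computer = $c.Name; Member = "<error: $($_.Exception.Message)>"; Source = ""; Unexpected = $false }
    }
}
$results | Export-Csv -Path $LogFile -NoTypeInformation
$results | Where-Object Unexpected | Format-Table -AutoSize
```

The Source column separates domain principals from local accounts, which is usually the first thing to filter on when reviewing the CSV.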
Posted by: Sweede 16 years ago
Second Degree Green Belt
0
Thank you!

nice script works fine

I have had this annoying issue for some time too. Users have been given administrative rights and someone has forgotten to remove
them afterwards.

[;)]

I will make some changes to meet my needs


Sweede ;-)
Posted by: Akkadian 16 years ago
Yellow Belt
0
How would I go about specifying my OU? When I look at the domain I see domain, then group x and under x is my group. Then computers. So I have...

blah.blah.domain.com
|
|_Group X
      |_Group 1
      |_Group 2
      |_Group 3
            |_Computers
Posted by: pjohnson 16 years ago
Orange Belt
0
Edit this line to point to the OU you want to grab the computer names from:

' Change this to the OU you would like to check
strComputerContainer = "ou=computers,dc=domain,dc=com"
Posted by: Akkadian 15 years ago
Yellow Belt
0
So is this right for mine?

strComputerContainer = "ou=groupx/group1/computers,dc=domain,dc=com"


Sorry... I'm new at this...
Posted by: pjohnson 15 years ago
Orange Belt
0
Try this:

strComputerContainer = "ou=groupx,ou=group1,ou=computers,dc=domain,dc=com"

ORIGINAL: Akkadian

So is this right for mine?

strComputerContainer = "ou=groupx/group1/computers,dc=domain,dc=com"


Sorry... I'm new at this...
Posted by: ehammett 15 years ago
Yellow Belt
0
Hopefully this thread isn't abandoned.....

However when I try to modify the script I get an error 'There is no such object on server'

My hierarchy is as such:

OU=MyBusiness
|
|
----OU=Computers
    |
    |
    -------OU=SBSComputers

Here is what I have in my script: (may wrap)

' Change this to the OU you would like to check
strComputerContainer = "ou=MyBusiness,ou=computers,ou=SBScomputers,dc=houston,dc=local"

What am I doing wrong here?
Posted by: pjohnson 15 years ago
Orange Belt
0
Looks like you got the OU's the wrong way around.

Try this:

' Change this to the OU you would like to check
strComputerContainer = "ou=SBScomputers,ou=computers,ou=MyBusiness,dc=houston,dc=local"


ORIGINAL: ehammett

Hopefully this thread isn't abandoned.....

However when I try to modify the script I get an error 'There is no such object on server'

My hierarchy is as such:

OU=MyBusiness
|
|
----OU=Computers
    |
    |
    -------OU=SBSComputers

Here is what I have in my script: (may wrap)

' Change this to the OU you would like to check
strComputerContainer = "ou=MyBusiness,ou=computers,ou=SBScomputers,dc=houston,dc=local"

What am I doing wrong here?
Posted by: ehammett 15 years ago
Yellow Belt
0
Thanks PJ, you were right, I had it backwards! Worked just fine.

Another question however. I was trying it at another client of mine who has a domain of something like apples.com, however their display name is 'oranges'.

They have all their computer accounts in the default 'Computers' OU, however when I change the script to

strComputerContainer = "ou=computers,dc=apples,dc=com"

It errors out saying 'There is no such object on server'

However when I changed it to "ou=computers,dc=oranges,dc=com"

I get the error "A referral was received from the server"

Can't figure out what I am doing wrong on this one?

Thanks again!
Posted by: pjohnson 15 years ago
Orange Belt
0
Glad it worked.

Maybe you can try dropping off the "dc=com".
Posted by: markholmes24 15 years ago
Senior Yellow Belt
0
When I try to run it I get the following message
(5,1) (null): A referral was returned from the server

Any ideas?

Computers are in the default Computers OU, domain is napierbrown.co.uk.

Any help much appreciated!

============================

Dim strComputer, colPingedComputers, strComputerContainer, objContainer
Dim strLogFile, strLocalAdminGroup, objFSO, objLogFile, objComputer
' Second argument of CreateTextFile: False = do not overwrite an existing log
Const NO_OVERWRITE = False
' Change this to the OU you would like to check
strComputerContainer = "ou=Computers,dc=napierbrown,dc=co.uk"
Set objContainer = GetObject("LDAP://" & strComputerContainer)

objContainer.Filter = Array("Computer")
' The log file will be created in the same location as the script
strLogFile = "LocalAdmins.LOG"
' Enumerate the local group 'Administrators'. This can be changed, e.g. Power Users, Network Configuration Operators
strLocalAdminGroup = "Administrators"
Set objFSO = CreateObject("Scripting.FileSystemObject")
On Error Resume Next
Set objLogFile = objFSO.CreateTextFile(strLogFile, NO_OVERWRITE)
If Err.Number <> 0 Then
    ' Before running the script, make sure the log file does NOT exist, otherwise the script will stop
    WScript.Echo "Cannot create " & strLogFile & " -OR- " & strLogFile & " already exists."
    WScript.Quit
End If
On Error GoTo 0
objLogFile.WriteLine("**************** Started at " & Now() & " ****************")
objLogFile.WriteLine()
objLogFile.WriteLine("Machine Name,Local Administrators")
On Error Resume Next
For Each objComputer In objContainer
    ' objComputer.Name is "CN=HOSTNAME"; keep only the host name
    strComputer = Split(objComputer.Name, "=")(1)
    Call GetLocalAdmins(strComputer)
Next
objLogFile.WriteLine()
objLogFile.WriteLine("**************** Finished at " & Now() & " ****************")
objLogFile.Close
'-=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=-
' SUB GetLocalAdmins
' purpose: Retrieve list of local administrators from online machines
' input: HostName (a machine name)
' output: results are echoed on screen and saved in strLogFile
' notes: uses Win32_PingStatus class ("strPinger" must be XP or 2003)
'-=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=--=[]=-
Sub GetLocalAdmins(HostName)
    Dim strPinger, objPing, objLocalAdminGroup, objLocalAdmin
    ' Handle errors here; otherwise an error would abort the whole Sub and the host would be skipped silently
    On Error Resume Next
    strPinger = "."
    Set colPingedComputers = GetObject("winmgmts:{impersonationLevel=impersonate}//" & strPinger & "/root/cimv2").ExecQuery("SELECT * FROM Win32_PingStatus WHERE Address = '" & HostName & "'")
    For Each objPing In colPingedComputers
        If objPing.StatusCode = 0 Then
            WScript.Echo "Processing " & HostName
            Err.Clear
            Set objLocalAdminGroup = GetObject("WinNT://" & HostName & "/" & strLocalAdminGroup & ",group")
            If Err.Number <> 0 Then
                ' Typically access denied or RPC blocked by a firewall: record it instead of skipping the host
                objLogFile.WriteLine(HostName & ",<error " & Hex(Err.Number) & ": " & Err.Description & ">")
                Err.Clear
            Else
                For Each objLocalAdmin In objLocalAdminGroup.Members
                    objLogFile.WriteLine(HostName & "," & objLocalAdmin.Name)
                Next
                Set objLocalAdminGroup = Nothing
            End If
        Else
            WScript.Echo HostName & " Offline"
            objLogFile.WriteLine(HostName & " Offline")
        End If
    Next
End Sub
Posted by: brenthunter2005 15 years ago
Fifth Degree Brown Belt
0
Change the following line from

strComputerContainer = "ou=Computers,dc=napierbrown,dc=co.uk"

to

strComputerContainer = "ou=Computers,dc=napierbrown,dc=co,dc=uk"
Posted by: markholmes24 15 years ago
Senior Yellow Belt
0
Many thanks for that Brett - that's that bit sorted. I'm now getting 'no such object on the server' - any ideas? The computers are in AD in the default 'Computers' container, thus

napierbrown.co.uk
|
|
Computers
Posted by: ehammett 15 years ago
Yellow Belt
0
The default container "Computers" in Active Directory Users & Computers is not an OU, so your syntax is wrong. I had the same problem; see my post above.

So change strComputerContainer = "ou=Computers,dc=napierbrown,dc=co,dc=uk"

to strComputerContainer = "cn=Computers,dc=napierbrown,dc=co,dc=uk"

that should work at least it worked for me. Let me know if this helps.
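The distinguished-name mistakes in this thread (slashes instead of commas, OUs listed top-down instead of leaf-first, "dc=co.uk" instead of "dc=co,dc=uk", and "ou=" for the built-in Computers container) all come from the same gap: translating what Active Directory Users & Computers shows into LDAP syntax. The helper below is an added example, not code from the thread; ConvertTo-ContainerDN is a hypothetical name, and it assumes the path is given top-down as the console shows it.

```powershell
# Added example (not from the thread): build the value of strComputerContainer
# from the path shown in AD Users & Computers plus the DNS domain name.
# Rules: leaf first, one "ou=" per level, one "dc=" per DNS label, and the
# built-in containers directly under the domain (Computers, Users, ...) are "cn=".
function ConvertTo-ContainerDN {
    param(
        [Parameter(Mandatory)][string]$Domain,   # DNS name, e.g. napierbrown.co.uk
        [string[]]$Path = @()                    # top-down, e.g. "MyBusiness","Computers","SBSComputers"
    )
    # Default containers that exist at the domain root and are NOT organizational units
    $builtin = @("Computers", "Users", "Builtin", "ForeignSecurityPrincipals")
    $parts = @()
    # Walk from the leaf upwards so the most specific component comes first
    for ($i = $Path.Count - 1; $i -ge 0; $i--) {
        # Only a top-level Computers/Users is the default container (cn=);
        # a "Computers" nested under another OU (the SBS layout above) is a real OU
        if ($i -eq 0 -and $builtin -contains $Path[$i]) { $parts += "cn=$($Path[$i])" }
        else                                              { $parts += "ou=$($Path[$i])" }
    }
    # Every DNS label becomes its own dc= component; "co.uk" is two of them
    $parts += ($Domain -split "\." | ForEach-Object { "dc=$_" })
    return ($parts -join ",")
}

# The two layouts discussed above: ehammett's nested SBS OUs and the default container
ConvertTo-ContainerDN -Domain "houston.local"     -Path "MyBusiness", "Computers", "SBSComputers"
ConvertTo-ContainerDN -Domain "napierbrown.co.uk" -Path "Computers"
```

For the SBS layout this yields the ou= chain pjohnson gave, and for the default container it yields the cn= form ehammett gave; the LDAP:// bind in the script uses the result unchanged.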
Posted by: brenthunter2005 15 years ago
Fifth Degree Brown Belt
0
Yeah ehammett, that will work. my bad.
Posted by: markholmes24 15 years ago
Senior Yellow Belt
0
All working now, thanks very much for your help guys.