FW: Local Administrators
From: Boyer, G. T. IT2 ISSM Office (boyerg_at_enterprise.navy.mil)
Date: 12/31/03
- Previous message: Luke StClair: "Re: Cryptography/Cryptanalysis"
- Maybe in reply to: Van Meter, John: "Local Administrators"
- Next in thread: Administrator: "Re: Local Administrators"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: security-basics@securityfocus.com Date: Wed, 31 Dec 2003 03:20:04 -0500
-----Original Message-----
From: Boyer, G. T. IT2 ISSM Office
Sent: Wednesday, December 31, 2003 3:19 AM
To: 'Van Meter, John'
Subject: RE: Local Administrators
perl
win32 perl programming... the below i threw together to get who i disabled
and when they last logged...etc.
this link is to roth consulting which has more on what you are looking for
http://www.roth.net/perl/scripts/scripts.asp?UrAudit.pl
not the cleanest code but it works
#!E:\perl\bin -w
use strict;
use Win32;
use Win32::AdminMisc;
my $PDC = "";
my $Domain = "";
my %Userinfo;
my $Attribs;
my @User;
#open(INFILE, "<new.txt") or die $! ;
open(OUTFILE, ">>Disabled.txt") or die $!;
Win32::AdminMisc::GetUsers($PDC,"",\@User) or die $!;
foreach my $User (@User) {
;
chomp $User;
if( Win32::AdminMisc::UserGetMiscAttributes("",
$User, \%Userinfo)) {
my $Laston = localtime($Userinfo{USER_LAST_LOGON});
my $account_disabled = $Userinfo{USER_FLAGS} &
UF_ACCOUNTDISABLE;
my $Comment = $Userinfo{USER_COMMENT};
my @info =($User, "~", $Comment, "~","Last Logged On",
$Laston);
if ($account_disabled == 2) {
print OUTFILE "@info \n";
}
}
else {print print "Error retrieving user info for $User in $Domain.\n";
print "Win32 Error message: ";
print Win32::FormatMessage( Win32::GetLastError() ) ;
print "\n";}
}
close (OUTFILE);
-----Original Message-----
From: Van Meter, John [mailto:John.VanMeter@ost.dot.gov]
Sent: Tuesday, December 30, 2003 1:11 PM
To: security-basics@securityfocus.com
Subject: RE: Local Administrators
Thank you all for the info, but I should have said that I have 1000
workstation to collect the local admin from, that is why I've been trying to
come up with a script to pull the info from.
Sorry
John
-----Original Message-----
From: Jacob McMaster [mailto:jmcmaster@appliedsystems.com]
Sent: Tuesday, December 30, 2003 12:59 PM
To: Van Meter, John; security-basics@securityfocus.com
Subject: RE: Local Administrators
Right click on my computer, goto manage, then chose local users and groups,
then groups, and dbl click administrator's, and the users listed is what you
want
-----Original Message-----
From: Van Meter, John [mailto:John.VanMeter@ost.dot.gov]
Sent: Tuesday, December 30, 2003 4:47 AM
To: security-basics@securityfocus.com
Subject: Local Administrators
Is there an easy way to find out what users are in the local admin group?
The workstations are Win2k Pro SP4, I was thinking about using adduser from
the resource kit, but it takes several lines of code to do it that way.
Thank You
John van Meter
---------------------------------------------------------------------------
----------------------------------------------------------------------------
---------------------------------------------------------------------------
----------------------------------------------------------------------------
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Previous message: Luke StClair: "Re: Cryptography/Cryptanalysis"
- Maybe in reply to: Van Meter, John: "Local Administrators"
- Next in thread: Administrator: "Re: Local Administrators"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
