RE: Administrators & Power Users
- From: "Tinu Koshy (CISD)" <tkoshy@xxxxxxx>
- Date: Thu, 26 Jul 2007 17:46:50 +0400
Thanks Jason. It works perfectly well.
Regards,
Tinu Koshy
-----Original Message-----
From: Weir, Jason [mailto:jason.weir@xxxxxxxx]
Sent: Thursday, July 26, 2007 4:20 PM
To: Tinu Koshy (CISD)
Subject: RE: Administrators & Power Users
On lines 18 and 23 replace the word "die" with "print".
That should let the script continue past non-windows machines.
Let me know it that helps..
-Jason
-----Original Message-----
From: Tinu Koshy (CISD) [mailto:tkoshy@xxxxxxx]
Sent: Thursday, July 26, 2007 8:17 AM
To: Weir, Jason
Subject: RE: Administrators & Power Users
Dear Jason,
Thanks for the script. I think it is fantastic but for one issue i.e if
I add a list of IP addresses & one of them happens to be a non-windows
Machine, the script does not move beyond that IP.
My attempt is to scan subnets coz I don't trust the asset management
software run by our Helpdesk.
I was just hoping if you would know a fix to this problem.
Regards,
Tinu Koshy
-----Original Message-----
From: Weir, Jason [mailto:jason.weir@xxxxxxxx]
Sent: Tuesday, July 24, 2007 10:12 PM
To: Tinu Koshy (CISD); security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: Administrators & Power Users
Here is a quick and dirty Perl script that I use to scan my machines for
members of the local admins and power users group.
It takes a list of computer names as input but it could be easily
modified to scan by subnet.
************************************************************************
****
use Win32::NetAdmin;
system ("cls");
open (MACHINEFILE, "machines.txt");
@Machines=<MACHINEFILE>;
close (MACHINEFILE);
open (OUTFILE, ">localadmins.csv");
print OUTFILE "Machine\,Administrators Group\,Power Users Group\n";
foreach $Machine(@Machines){
chomp $Machine;
if (`ping -n 1 -l 1 $Machine` =~ /Reply/){
print OUTFILE "$Machine\,";
Win32::NetAdmin::LocalGroupGetMembers($Machine,
'Administrators', \@admins) || die "$^E\n";
foreach $user(@admins){
print OUTFILE "$user\:" unless ($user =~
/administrator|domain admins/i);
}
print OUTFILE "\,";
Win32::NetAdmin::LocalGroupGetMembers($Machine, 'Power
Users', \@pusers) || die "$^E\n";
foreach $user(@pusers){
print OUTFILE "$user\:" unless ($user =~
/administrator|domain admins/i);
}
print OUTFILE "\n";
}else{
print OUTFILE "$Machine\,Down\n";
}
}
close OUTFILE;
************************************************************************
****
Good luck,
Jason
-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Tinu Koshy (CISD)
Sent: Monday, July 23, 2007 11:51 PM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Administrators & Power Users
Greetings List,
I have an environment where too many people are local administrators or
power users on their PCs. I was looking at a tool which might scan the
network (by subnet) to tell me the admin & power user groups on PCs.
It could even be a remote registry scan tool but please let me know
which registry value I must look into.
Thanks & Regards,
Tinu Koshy
===========================================================
Disclaimer: The information in this email and in any files Transmitted
with it is intended only for the addressee and may contain confidential
and/or privileged material. Access to this email by anyone other than
the intended recipient is unauthorized. If you receive this in error,
please contact the sender immediately and delete the material from any
computer. If you are not the intended recipient, any disclosure,
copying, distribution or any action taken or omitted to be taken in
reliance on it, is strictly prohibited and Abu Dhabi Company For Onshore
Oil Operations (ADCO) is not responsible for any consequence from such
unauthorized usage. Statement and opinions expressed in this e-mail are
those of the sender, and do not necessarily reflect those of Abu Dhabi
Company For Onshore Oil Operations (ADCO).
===========================================================
Disclaimer: The information in this email and in any files Transmitted with it is intended only for the addressee and may contain confidential and/or privileged material. Access to this email by anyone other than the intended recipient is unauthorized. If you receive this in error, please contact the sender immediately and delete the material from any computer. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is strictly prohibited and Abu Dhabi Company For Onshore Oil Operations (ADCO) is not responsible for any consequence from such unauthorized usage. Statement and opinions expressed in this e-mail are those of the sender, and do not necessarily reflect those of Abu Dhabi Company For Onshore Oil Operations (ADCO).
- Follow-Ups:
- Latest Trend in IT Security
- From: Razali, Reyna
- Latest Trend in IT Security
- Prev by Date: Re: Bank Exploit
- Next by Date: RE: Disabling autorun for mapped network drives
- Previous by thread: GB firewall - SNMP
- Next by thread: Latest Trend in IT Security
- Index(es):
Relevant Pages
|
