Re: script to list users and groups in domain admin and local admin gr

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 03/25/05 

Date: Thu, 24 Mar 2005 22:02:53 -0600

Domain admins membership can be determined easily enough in Active Directory
users and Computers and as other posts have mentioned you can use scripts
using the net command and such to enumerate local administrators. FYI MBSA
can scan network computers and among other things be able to list the local
administrators on each computer. Group Policy computer configuration
Restricted Groups can be used to enforce membership in any domain or local
group if you want to consider such. If you want to use Restricted Groups to
restrict local computer administrators group be sure to do it at the OU
level only. --- Steve

http://www.microsoft.com/technet/security/tools/mbsahome.mspxb --- MBSA

"crosswired" <crosswired@discussions.microsoft.com> wrote in message
news:1BA8FDE1-B57F-42A1-9F35-E664D9F4960A@microsoft.com...
>I am looking for a script or guidance to write a script that will list all
> the users and groups that belong to the domain admin group and the local
> admin group on each server in the domain. This way, I will not have to
> check
> each server individually when doing periodic security scans.
>
> If anyone can help, I would appreciate. Thanks.
>
> N.P.

Relevant Pages

  • Re: script to list users and groups in domain admin and local admi
    ... >> Domain admins membership can be determined easily enough in Active ... >> using the net command and such to enumerate local administrators. ... If you want to use Restricted Groups ... >>>I am looking for a script or guidance to write a script that will list ...
    (microsoft.public.win2000.security)
  • Re: Drive Mapping Script Based on Group Membership Fails Due to LD
    ... stock script from the link I posted on my original thread post. ... my Domain Admins user but not for the other two. ... I logged in as a user who is a member of the ... priveleges granted to members of the Domain Users security group. ...
    (microsoft.public.windows.server.active_directory)
  • Re: How do I get admin rights for all objects in a OU?
    ... startup script not login script ... > Thanks Alex. ... I want to have admin rights on the computers ... > I have to be member of Domain Admins to have the rights to do that. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Drive Mapping Script Based on Group Membership Fails Due to LD
    ... stock script from the link I posted on my original thread post. ... my Domain Admins user but not for the other two. ... I logged in as a user who is a member of the ... priveleges granted to members of the Domain Users security group. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Security on single forest domain design
    ... Here is where I mention Restricted Groups and here is where Paul mentions ... The problem with the startup script is that it does not prevent other ... Domain Admins and Schema Admins. ... the local group Administrators on each member workstations or servers, ...
    (microsoft.public.windows.server.active_directory)