Re: script to list users and groups in domain admin and local admi

From: crosswired (crosswired_at_discussions.microsoft.com)
Date: 03/29/05

• Next message: Roger Abell: "Re: EFS - Recovery agent"
• Previous message: Jeff Cochran: "Re: Allowing user access to one single file in a folder."
• In reply to: Steven L Umbach: "Re: script to list users and groups in domain admin and local admin gr"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 28 Mar 2005 20:39:02 -0800

Just wanted to thank everyone for the help and advice. Much appreciated.

"Steven L Umbach" wrote:

> Domain admins membership can be determined easily enough in Active Directory
> users and Computers and as other posts have mentioned you can use scripts
> using the net command and such to enumerate local administrators. FYI MBSA
> can scan network computers and among other things be able to list the local
> administrators on each computer. Group Policy computer configuration
> Restricted Groups can be used to enforce membership in any domain or local
> group if you want to consider such. If you want to use Restricted Groups to
> restrict local computer administrators group be sure to do it at the OU
> level only. --- Steve
>
> http://www.microsoft.com/technet/security/tools/mbsahome.mspxb --- MBSA
>
> "crosswired" <crosswired@discussions.microsoft.com> wrote in message
> news:1BA8FDE1-B57F-42A1-9F35-E664D9F4960A@microsoft.com...
> >I am looking for a script or guidance to write a script that will list all
> > the users and groups that belong to the domain admin group and the local
> > admin group on each server in the domain. This way, I will not have to
> > check
> > each server individually when doing periodic security scans.
> >
> > If anyone can help, I would appreciate. Thanks.
> >
> > N.P.
>
>
>

• Next message: Roger Abell: "Re: EFS - Recovery agent"
• Previous message: Jeff Cochran: "Re: Allowing user access to one single file in a folder."
• In reply to: Steven L Umbach: "Re: script to list users and groups in domain admin and local admin gr"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: script to list users and groups in domain admin and local admi ... >> Domain admins membership can be determined easily enough in Active ... >> using the net command and such to enumerate local administrators. ... If you want to use Restricted Groups ... >>>I am looking for a script or guidance to write a script that will list ... (microsoft.public.win2000.security) Re: script to list users and groups in domain admin and local admi ... > using the net command and such to enumerate local administrators. ... > Restricted Groups can be used to enforce membership in any domain or local ... >>I am looking for a script or guidance to write a script that will list all ... >> admin group on each server in the domain. ... (microsoft.public.win2000.security) Re: Login script to add a user as an Administrator. ... I hope that's not what Steve is asking for. ... just add Authenticated Users to every machine's Administrators ... Adding each user separately in a Startup Script is very simple (just need ... the local admin group, then you put the users in this group. ... (microsoft.public.scripting.wsh) Re: User type ... This does help Mike - thanks ... > If the computer is member of domain then you should use domain user ... > After you have this account and group created you can write a short script ... > administrator and make your users local administrators. ... (microsoft.public.windows.server.setup) Re: VBScript to verify is user is local admin ... I believe the script posted using WMI addresses one complication with the ... the WMI script, only reveal direct membership. ... Administrators group is renamed, ... Dim strUser ... (microsoft.public.scripting.vbscript)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint