Re: Find all Local Administrator names

Is this an AD domain?

If so:

Set RootDSE = GetObject("LDAP://RootDSE")
domainDN = RootDSE.Get("DefaultNamingContext")

Set connection = CreateObject("ADODB.Connection")
connection.Provider = "ADsDSOObject"
connection.Open

Set command = CreateObject("ADODB.Command")
Set command.ActiveConnection = connection
Command.Properties("Page Size") = 3000 ' big page size for
' lots of computers
Command.Properties("searchscope") = 2 ' search entire domain
Command.CommandText = "SELECT AdsPath, cn FROM 'LDAP://" & _
domainDN &_
"' WHERE objectcategory = 'computer'"

Set rs = command.Execute

On Error Resume Next
Do Until rs.EOF
computerFlatName = rs.fields("cn")
WScript.Echo _
"Members of Adminstrators local group on " & _
computerFlatName
Set administrators_group = GetObject("WinNT://" & _
computerFlatName & "/administrators,group")
If Err.Number <> 0 Then
WScript.Echo vbTab & "Computer not available."
Else
For Each member In administrators_group.members
WScript.Echo vbTab & member.name
Next
End If
Set administrators_group = Nothing
Err.Number = 0
WScript.Echo vbNL
rs.MoveNext
Loop


Modify the Wscript.Echo statements to output to a file.

or...

Use Hyena's new exporter (will come out with the next release of Hyena). It's exporting capabilities FAR outweighs it's predecessor.

Re: Find all Local Administrator names

It is a NT domain.

We are still in the dark ages, but moving towards that. Do you know an easy way in an NT domain?

Re: Find all Local Administrator names

Our new exporting software, Exporter Pro, can do this. Exporter Pro is part of Hyena v5.5. You can have Exporter Pro generate a list of all local computer groups, and if needed, filter for only specific group names.

Give it a try and if you need help, let us know.

Re: Find all Local Administrator names

Thank you for your help. I downloaded the tools and tried it and got lost. I tried to export and it did not work. Since I have not used this product I am a little lost. Any help would really be apreciated. Thank you.

Re: Find all Local Administrator names

First, if you don't have a configuration setup already, click Configuration->New. For simplicity, you can enter the same value for all three items, like the name of your organization. Just enter a name, no punctuation, etc. for all three items. Click OK.

Start by adding one of your domains to the left window (object list). Click Edit->New Object. Set the Object Type to be the type of domain, enter in a display name, and for the path either enter the name of the domain.

Next, click Configuration->Properties and select Local/NT Groups. Check the box to Export Group Members and then type in an output file name. Check the Only export... checkbox, then enter in a file name such as grouplist.dat. Click Edit and click Yes to create the file. Type in Administrators in the file, then save and close the file.

Click OK to close the Export Properties dialog.

Run the export (Export->Start Export). The resulting file will contain the members of the Administrators group for each computer in the domain.

Re: Find all Local Administrator names

That worked great. Thank you. I see the report and will examine the file it creates.

Re: Find all Local Administrator names

Could you filter this to only check Windows 2000 Workstations (No Servers)?

If so, how?

Re: Find all Local Administrator names

There is a Set Filter button on the General tab in Exporter Pro that will allow you to filter the computers.

Re: Find all Local Administrator names

Hi Supply Guy

i have tried your code and it works great
but can you help me to adapt it
so i can see all the local administrators of a computer that i choose (it is always one computer at a time)
because i have this problem with admin who can logon via the domain and locally
i will give you an example:
this is what i see in the group administrators
test
test1
test2
testing\test --> testing = a domain
when i run my script i get this:
test
test1
test2
test
as you can see the last test don't give the domain back
so i don't know if it's a local or a domain logon user

Can you help me

thanks in advance

<div class="ubbcode-block"><div class="ubbcode-header">Quote:</div><div class="ubbcode-body">Originally posted by The Supply Guy:
<span style="font-weight: bold">Is this an AD domain?

If so:

Set RootDSE = GetObject("LDAP://RootDSE")
domainDN = RootDSE.Get("DefaultNamingContext")

Set connection = CreateObject("ADODB.Connection")
connection.Provider = "ADsDSOObject"
connection.Open

Set command = CreateObject("ADODB.Command")
Set command.ActiveConnection = connection
Command.Properties("Page Size") = 3000 ' big page size for
' lots of computers
Command.Properties("searchscope") = 2 ' search entire domain
Command.CommandText = "SELECT AdsPath, cn FROM 'LDAP://" & _
domainDN &_
"' WHERE objectcategory = 'computer'"

Set rs = command.Execute

On Error Resume Next
Do Until rs.EOF
computerFlatName = rs.fields("cn")
WScript.Echo _
"Members of Adminstrators local group on " & _
computerFlatName
Set administrators_group = GetObject("WinNT://" & _
computerFlatName & "/administrators,group")
If Err.Number <> 0 Then
WScript.Echo vbTab & "Computer not available."
Else
For Each member In administrators_group.members
WScript.Echo vbTab & member.name
Next
End If
Set administrators_group = Nothing
Err.Number = 0
WScript.Echo vbNL
rs.MoveNext
Loop


Modify the Wscript.Echo statements to output to a file.

or...

Use Hyena's new exporter (will come out with the next release of Hyena). It's exporting capabilities FAR outweighs it's predecessor.</span></div></div>