From: John Skinner (john.skinner@vanderbilt.edu)
Date: Thu Sep 14 2006 - 23:12:34 EDT
To get a list of all users in the admin group...
hostname >> c:\output.txt
time /t >> c:\output.txt
date /t >> c:\output.txt
net localgroup administrators | find /v "Alias" | find /v "Comment" | find
/v "-" | find /v "Members" | find /v "The command" >> c:\output.txt
echo ****************************** >> c:\output.txt
Copy above into a.BAT or .CMD file, then use a Windows GPO or login script
to run it on all your computers.
You can change the path to the file it writes and make it on a network share
of your server.
If you want to delete all the users out of the Administrators group except
only the ones you specify, you can write a GPO for this by configuring the
this in the policy...
Computer Configuration/Windows Settings/Security Settings/Restricted Groups
add a group named "Administrators" and configure it to have only the user
accounts you want (if domain accounts, add as DOMAIN\username) and what
groups to be in.
-----------------
John Skinner
Computer Systems Administrator
Vanderbilt University
-----Original Message-----
On 9/14/06, Bud Gordon <bud.gordon@hughes.net> wrote:
> I am looking for a tool or script that will let me ferret out users that
> are members of the admin group (preferably from a command line). I have
> google'd and use pwdump for lists etc; I also use net user and net group
> to show me the users and groups, but I need to see who is admin.
>
> Thoughts?
>
> Thank you!!
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:57 EDT