get local administrator group/ lock out users scripts

  • get local administrator group/ lock out users scripts

    Hi all

    If you can help me, I need a script to retrieve the members of the local administrator group.


    Script input: a txt file that has all the computer names.
    Script output: a txt file that includes the computer name and the local administrator group members.


    Is it possible to get all users that are locked out via a script and output them to a txt file? I found AD queries, but they don't retrieve all locked-out users, and some scripts retrieve disabled accounts in the lockout output.

  • #2
    Re: get local administrator group/ lock out users scripts

    Originally posted by abdalla
    Hi all

    Can anyone help me? I need a script like Rems' post; it will retrieve the members of the local administrator group.
    The script reads computers from a file, say computers.txt, and outputs a txt or CSV file like
    computer x has user1, user 2 as members of the local administrator group
    computer y has user 4 ......



    Another thing I hope to find a solution for here:
    is it possible to get all users that are locked out via a script?

    abdalla, this new thread duplicates the post I quoted, while the post quoted above was a thread hijack!

    Please read Rules #2 and #14

    I have deleted the post from the other thread.

    \Rems

    This posting is provided "AS IS" with no warranties, and confers no rights.

    __________________

    ** Remember to give credit where credit's due **
    and leave Reputation Points for meaningful posts



    • #3
      Re: get local administrator group/ lock out users scripts

      Originally posted by abdalla


      I need a script to retrieve the members of the local administrator group.


      I found AD queries, but they don't retrieve all locked-out users, and some scripts retrieve disabled accounts in the lockout output.

      The "lockedout" status can be retrieved from the user account flags. If you make a connection to a remote computer with a script, e.g. to get all members of a certain group, you can collect user flags only for the local accounts on that computer (otherwise, if you connect to the domain, you are able to read or modify user account flags for AD accounts).

      The sample script below writes the results to a CSV file; the last column shows the lockout status of the account only if it is a computer-local account.

      I hope this script also mostly covers your second question. Or, if you were intentionally asking two different questions in one thread (??), then don't do that! If that is the case, then I would suggest starting a separate thread for the other question and providing a lot more details.

      Code:
      Option Explicit
      Const ForReading = 1
      Const ForWriting = 2
      Const UF_LOCKOUT = &H0010
      Dim inputFile, outputFile
      
      inputFile = "c:\computers.txt"
      outputFile = "c:\localAdmins.txt"
      
      Dim objFSO, objTextFile, ts, objAdminsRegEx
      Dim strComputer, objShell
      Set objFSO = CreateObject("Scripting.FileSystemObject")
      Set objAdminsRegEx = New RegExp
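      '# OctetToDecStr (below) prints the sub-authority count, not the
      '# identifier authority, as the second field, so the well-known SID
      '# S-1-5-32-544 (BUILTIN\Administrators) appears here as S-1-2-32-544.
      objAdminsRegEx.Pattern = "^S-1-2-32-544$"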
      
      If objFSO.FileExists(inputFile) = True Then
         Set objTextFile = objFSO.OpenTextFile(_
           outputFile, ForWriting, True)
         objTextFile.WriteLine _
           """Name of Group"",""Name of Member"",""lck"""
         With objFSO.GetFile(inputFile)
           Set ts = .OpenAsTextStream(ForReading)
         End With
         Do While ts.AtEndOfStream <> True
           strComputer = trim(ts.ReadLine)
           If len(strComputer) >0 Then 
            If (IsConnectible(strComputer) = True) Then
              call LocalAdmins(strComputer)
            Else
              objTextFile.WriteLine """" & strComputer _
                & " [unconnectable]"","""","""""
            End If
           End If
         Loop
         ts.Close : objTextFile.close
         Set objTextFile = Nothing
      End If
      
      WSCRIPT.ECHO "Done"
      WSCRIPT.QUIT  0
      
      Sub LocalAdmins(sHost)
         '# objAdminsRegEx, objTextFile are declared globally
           Dim strConn, objComputer, objAdmins
           Dim strAdministrators, sep, l, cUserFlags
           Dim objItem, arrbytSid, strSID, objMember
           Dim usrSID, IsLocal, strDomain, strMember
      
           strConn = "WinNT://" & sHost
           Set objComputer = GetObject(strConn & ", computer")
           objComputer.Filter = Array("Group")
           For each objItem in objComputer
             If objItem.Class = "Group" Then
               '# Retrieve SID of each group.
               arrbytSid = objItem.get("objectSid")
               strSID = OctetToDecStr(arrbytSid)
               If objAdminsRegEx.Test(strSID) Then
                 Set objAdmins = objComputer.GetObject(_
                   "Group", objItem.name)
                 exit For
               End If
             End If
           Next
           Set objComputer = Nothing
      
           If IsObject(objAdmins) Then
             strAdministrators = UCase(sHost) & "\" & objAdmins.name
             sep = Chr(34) & "," & chr(34)
             For each objMember in objAdmins.members
               arrbytSid = objMember.Get("objectSid")
               usrSID = OctetToDecStr(arrbytSid)
      
               With GetObject("winmgmts:\\" & sHost & "\root\cimv2")
                 With .Get("Win32_SID.SID='" & usrSID & "'")
                   IsLocal = True
                   strDomain = .ReferencedDomainName
                   strMember = .AccountName
                   If LCase(strDomain) <> LCase(sHost) Then IsLocal = False
                 End With
               End With
               l = Empty
               If IsLocal = True Then
                 cUserFlags = objMember.Get("UserFlags")
                 If (cUserFlags And UF_LOCKOUT) _
                   Then l = "LOCKED OUT"
               End If
      
               objTextFile.WriteLine chr(34) & strAdministrators & sep _
                       & strDomain & "\" & strMember & sep & l & chr(34)
             next
           End If
      End Sub
      
      
      Function OctetToDecStr(ByVal arrSid)
         ' Function to convert OctetString SID values to decimal format.
         ' A 2nd Function OctetToHexStr is called from within this function
         Dim strHexSid, arrbytSid, lngTemp, j
      
         ' 1. Convert OctetString (byte array) to Hex string.
         strHexSid = OctetToHexStr(arrSid)
      
         ' 2. Convert most HexString SID values to decimal format.
         ReDim arrbytSid(Len(strHexSid)/2 - 1)
         For j = 0 To UBound(arrbytSid)
           arrbytSid(j) = CInt("&H" & Mid(strHexSid, 2*j + 1, 2))
         Next
      
         If (UBound(arrbytSid) = 11) Then
           OctetToDecStr = "S-" & arrbytSid(0) & "-" _
             & arrbytSid(1) & "-" & arrbytSid(8)
      
           Exit Function
         End If
      
         If (UBound(arrbytSid) = 15) Then
           OctetToDecStr = "S-" & arrbytSid(0) & "-" _
             & arrbytSid(1) & "-" & arrbytSid(8)
      
           lngTemp = arrbytSid(15)
           lngTemp = lngTemp * 256 + arrbytSid(14)
           lngTemp = lngTemp * 256 + arrbytSid(13)
           lngTemp = lngTemp * 256 + arrbytSid(12)
           OctetToDecStr = OctetToDecStr & "-" & CStr(lngTemp)
      
           Exit Function
         End If
      
         OctetToDecStr = "S-" & arrbytSid(0) & "-" _
           & arrbytSid(1) & "-" & arrbytSid(8)
      
         lngTemp = arrbytSid(15)
         lngTemp = lngTemp * 256 + arrbytSid(14)
         lngTemp = lngTemp * 256 + arrbytSid(13)
         lngTemp = lngTemp * 256 + arrbytSid(12)
         OctetToDecStr = OctetToDecStr & "-" & CStr(lngTemp)
      
         lngTemp = arrbytSid(19)
         lngTemp = lngTemp * 256 + arrbytSid(18)
         lngTemp = lngTemp * 256 + arrbytSid(17)
         lngTemp = lngTemp * 256 + arrbytSid(16)
         OctetToDecStr = OctetToDecStr & "-" & CStr(lngTemp)
      
         lngTemp = arrbytSid(23)
         lngTemp = lngTemp * 256 + arrbytSid(22)
         lngTemp = lngTemp * 256 + arrbytSid(21)
         lngTemp = lngTemp * 256 + arrbytSid(20)
         OctetToDecStr = OctetToDecStr & "-" & CStr(lngTemp)
      
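         If (UBound(arrbytSid) > 23) Then
      
           ' The last sub-authority (the RID) is 32 bits wide: read all four
           ' bytes, otherwise RIDs above 65535 are truncated.
           lngTemp = arrbytSid(27)
           lngTemp = lngTemp * 256 + arrbytSid(26)
           lngTemp = lngTemp * 256 + arrbytSid(25)
           lngTemp = lngTemp * 256 + arrbytSid(24)
           OctetToDecStr = OctetToDecStr & "-" & CStr(lngTemp)
      
         End If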
      End Function
      
      Function OctetToHexStr(ByVal arrbytOctet)
         ' This function converts an OctetString (byte array) to a hex string.
         Dim k
         OctetToHexStr = ""
         For k = 1 To Lenb(arrbytOctet)
            OctetToHexStr = OctetToHexStr _
               & Right("0" & Hex(Ascb(Midb(arrbytOctet, k, 1))), 2)
         Next
      End Function
      
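      Function IsConnectible(strHost)
         Dim lngResult, objHostRegEx
         ' strHost is concatenated into a cmd.exe command line below, so
         ' accept only characters that occur in host names or IPv4 addresses.
         Set objHostRegEx = New RegExp
         objHostRegEx.Pattern = "^[A-Za-z0-9._-]+$"
         IsConnectible = False
         If Not objHostRegEx.Test(strHost) Then Exit Function
         ' objShell has been globally declared
         If Not IsObject(objShell) _
           Then Set objShell = CreateObject("Wscript.Shell")
         lngResult = objShell.Run("%comspec% /c ping -n 1 " _
           & " -w 750 " & strHost _
           & " | find /i ""TTL="" > nul 2>&1", 0, True)
         Select Case lngResult
           Case 0
             IsConnectible = True
           Case Else
             IsConnectible = False
         End Select
      End Function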

      The script does not connect directly to the local Administrators group on the computer by using the name of the group. I prefer to determine certain objects (the Administrator account or the Administrators group) by their well-known SID, because object names could be tampered with. The script first enumerates the groups on the computer and finds the Administrators group by comparing the pattern of the SID.
      If the (real) Administrators group is determined, the script enumerates the members of that group.


      \Rems

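The point made in post #3 about finding the Administrators group by its well-known SID rather than by name, as an added Python example that is not part of the original thread: it decodes binary SIDs into the canonical string form, reproduces the form the script's OctetToDecStr builds (which is why the script's pattern reads S-1-2-32-544), and picks the real group on a constructed host. The group names, the machine identifier and all helper names are made up for illustration.

```python
import struct

BUILTIN_ADMINISTRATORS = "S-1-5-32-544"  # well-known SID, identical on every host

def make_sid(authority, *subs):
    """Build binary SID bytes for the constructed samples below."""
    return (bytes([1, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

def sid_to_string(raw):
    """Canonical S-<revision>-<authority>-<sub-authorities...> string."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("length does not match the sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")        # 48-bit, big-endian
    subs = struct.unpack("<%dI" % raw[1], raw[8:])     # 32-bit, little-endian
    return "-".join(["S", str(raw[0]), str(authority), *map(str, subs)])

def script_style_string(raw):
    """String in the form the thread's OctetToDecStr builds: field 2 is the
    sub-authority count (byte 1) and field 3 is byte 8, not the authority."""
    subs = struct.unpack("<%dI" % raw[1], raw[8:])
    return "-".join(["S", str(raw[0]), str(raw[1]), str(raw[8]),
                     *map(str, subs[1:])])

def find_admins_group(groups):
    """Return the name of the group whose SID is BUILTIN\\Administrators."""
    for name, raw in groups.items():
        if sid_to_string(raw) == BUILTIN_ADMINISTRATORS:
            return name
    return None

# Constructed host: the real group was renamed, a decoy took the old name.
MACHINE = (21, 1111111111, 2222222222, 3333333333)
GROUPS = {
    "Administrators": make_sid(5, *MACHINE, 1005),   # decoy local group
    "Support-Legacy": make_sid(5, 32, 544),          # renamed built-in group
    "Users": make_sid(5, 32, 545),
}

if __name__ == "__main__":
    for name, raw in GROUPS.items():
        print(name, sid_to_string(raw), script_style_string(raw))
    print("real admins group:", find_admins_group(GROUPS))
```

For account SIDs under S-1-5-21 the two forms coincide, because the sub-authority count (5) happens to equal the NT authority value (5); for short SIDs such as S-1-5-4 they differ.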