Check for Admin users?

osaddictosaddict London, UK
edited July 2009 in Science & Tech
I've been migrating users from 'standalone' machines if you like to a domain. Someone wrote some scripts for me to do most of it, one part was adding the user as a local admin during the migration.

I was supposed to remove this account at the end of the process...

In 99% of cases I think I've done it, but there may be the odd one or two that has slipped through the net - is there any way I can scan the domain and see which PCs have a user with admin rights logged on or anything?

Comments

  • kryystkryyst Ontario, Canada
    edited July 2009
    Assuming every computer is part of the domain you can do what you want with the following script. Create the following script on the domain controller. Easiest way is to just open up notepade and paste the folowing code between the
    and then save it as a .vbs file (test.vbs for example.)
    'RemoveAdmins.vbs
    Dim objFSO:Set objFSO=CreateObject("Scrip<wbr>ting.FileS<wbr>ystemObjec<wbr>t")
    Dim objFile:Set objFile=objFSO.OpenTextFil<wbr>e("C:\Comp<wbr>uters.txt"<wbr>)

    Do while not objFile.AtEndOfStream
    strPC=objFile.ReadLine
    Set objGroup = GetObject("WinNT://" & strPC & "/Administrators")
    For Each objUser In objGroup.Members
    If objUser.Name <> "Administrator" AND objUser.Name <> "Domain Admins" Then
    objGroup.Remove(objUser.Ad<wbr>sPath)
    End If
    Next
    Loop

    objFile.Close
    Set objFSO=Nothing

    Next you need to create the c:\computername.txt file
    Each line of that file should have a computer name or an ip for a computer and nothing more.

    The script goes through that file and on each computer it removes any accounts from the local admin group that aren't Administrator or Domain Admin.
  • osaddictosaddict London, UK
    edited July 2009
    Thanks Kryyst, I thought you might come to my rescue!

    Is there any way I can modify that to tell me which PCs have admin accounts rather than changing them? - Two of the MDs for example have their own accounts added there etc.
  • kryystkryyst Ontario, Canada
    edited July 2009
    'ViewAdmins.vbs
    Dim objFSO:Set objFSO=CreateObject("Scripting.FileSystemObject")
    Dim objFile:Set objFile=objFSO.OpenTextFile("C:\temp\Computers.txt")

    Do while not objFile.AtEndOfStream
    strPC=objFile.ReadLine
    Set objGroup = GetObject("WinNT://" & strPC & "/Administrators")
    For Each objUser In objGroup.Members
    If objUser.Name <> "Administrator" AND objUser.Name <> "Domain Admin
    Wscript.Echo objUser.Name, ">", strPC
    End If
    Next
    Loop
    objFile.Close
    Set objFSO=Nothing

    This will display the non-admin user names and what computers they are assigned to on the screen.
    If you want to send the info to a text file run the script like this
    cscript script.vbs >c:\log.txt

    It'll redirect all output to a text file.
Sign In or Register to comment.