• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 325
  • Last Modified:

List Group Membership with recursion

I just found out that a non-admin can access the C$, D$ etc. shares just by going to Start | Run and entering \\servername\C$, etc...it doesn't even give a challenge for username/password. I can't figure out what's up. I checked the AD user who was able to do this, and he is not a member of admins. The root of the drive does have "Special" rights for the Everyone group under security...

Is there a way for me to list all users that are in the local administrators group on a computer?  I need to recurse through all nested groups memberships.

Thanks,
0
byronleonard
Asked:
byronleonard
  • 2
  • 2
1 Solution
 
Jay_Jay70Commented:
Hi byronleonard,

access enum from sysinternals may help you narrow down on permissions on folders
http://www.sysinternals.com/Utilities/AccessEnum.html

have you looked under the local administrators group in computer management?

Cheers!
0
 
Jay_Jay70Commented:
0
 
TheCleanerCommented:
This script from the MS technet magazine will get a user's group membership through a nested scenario.

If you read the article you might be able to modify the script for listing the admins in recursion.  I'm not a great scripter so this is about as much help as I can bring.

http://www.microsoft.com/technet/technetmag/issues/2006/03/ScriptingGuy/default.aspx

On Error Resume Next

SetobjUser=GetObject("LDAP://CN=Ken Myer," & _
    "OU=Finance,DC=fabrikam,DC=com")
Set colGroups = objUser.Groups
For Each objGroup in colGroups
    Wscript.Echo objGroup.CN
    GetNested(objGroup)
Next
Function GetNested(objGroup)
    On Error Resume Next
    colMembers = objGroup.GetEx("memberOf")
    For Each strMember in colMembers
        strPath = "LDAP://" & strMember
        Set objNestedGroup = _
        GetObject(strPath)
        WScript.Echo objNestedGroup.CN
        GetNested(objNestedGroup)
    Next
End Function

0
 
TheCleanerCommented:
Thank you for the points!
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now