List Group Membership with recursion

Posted on 2006-03-28
Last Modified: 2012-06-27
I just found out that a non-admin can access the C$, D$ etc. shares just by going to Start | Run and entering \\servername\C$, doesn't even give a challenge for username/password. I can't figure out what's up. I checked the AD user who was able to do this, and he is not a member of admins. The root of the drive does have "Special" rights for the Everyone group under security...

Is there a way for me to list all users that are in the local administrators group on a computer?  I need to recurse through all nested groups memberships.

Question by:byronleonard
    LVL 48

    Expert Comment

    Hi byronleonard,

    access enum from sysinternals may help you narrow down on permissions on folders

    have you looked under the local administrators group in computer management?

    LVL 48

    Expert Comment

    LVL 23

    Accepted Solution

    This script from the MS technet magazine will get a user's group membership through a nested scenario.

    If you read the article you might be able to modify the script for listing the admins in recursion.  I'm not a great scripter so this is about as much help as I can bring.

    On Error Resume Next

    SetobjUser=GetObject("LDAP://CN=Ken Myer," & _
    Set colGroups = objUser.Groups
    For Each objGroup in colGroups
        Wscript.Echo objGroup.CN
    Function GetNested(objGroup)
        On Error Resume Next
        colMembers = objGroup.GetEx("memberOf")
        For Each strMember in colMembers
            strPath = "LDAP://" & strMember
            Set objNestedGroup = _
            WScript.Echo objNestedGroup.CN
    End Function

    LVL 23

    Expert Comment

    Thank you for the points!

    Featured Post

    Find Ransomware Secrets With All-Source Analysis

    Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

    Join & Write a Comment

    This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
    Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now