How to list who belong to a local administrator group in windows 2000

Hi,
Currently we have several users in our windows 2000 domain and windows 2000 desktops that are part of the Local Administrator Group on their own machines.

I need a script that can walk the windows 2000 desktop computers in my domain either doing a query to the AD about member computers or i can tell the script an IP range. The the script will tell me who (a group or a user) belongs to that machine's Local Administrator Group or is equivalent to a local administrator.

Note that they are *not* domain admins. They are admins, but only on their own machines. and I want to remove that priviledge but going thru 200+ computers is a real pain.

The report should be dumped to a text file.

If that solution already exists as a vbscript, please let me know where.

Note: I am not an expert vbscript programmer.

Thanks,
Erick.
LVL 4
eaperezhAsked:
Who is Participating?
 
mdiglioConnect With a Mentor Commented:
ForAppending = 8

Dim strInAdmin, i, strUser
Set WshShell = CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")

'!!Create a text file in a shared folder that users can write to
'!! and place the path in quotes here:
Set objTextFile = objFSO.OpenTextFile("c:\InAdminGroup.txt", ForAppending, True)

Set objComputer = CreateObject("WScript.Network")
'Get Computer Name
strComputer = objComputer.ComputerName
Set colGroups = GetObject("WinNT://" & strComputer & "")
' Pull Environment variables for computer name
strComputer = WshShell.ExpandEnvironmentStrings("%COMPUTERNAME%")

colGroups.Filter = Array("group")
'Loop through groups
For Each objGroup In colGroups
      'only enumerate Admin group
      If objGroup.Name = "Administrators" Then
            For Each objUser In objGroup.Members
                  strUser = objUser.Name
                  If strUser <> "Administrator" And strUser <> "Domain Admins" Then
                        strInAdmin = strInAdmin & "," & objUser.Name
                  End If
            Next
            
            'If there are users in Admin group other than specified write it to the file
            If strInAdmin <> "" Then
                  objTextFile.WriteLine strComputer & strInAdmin
            End If
            wscript.quit
      End If
Next
wscript.quit
0
 
JackOfPHCommented:
ping
0
 
eaperezhAuthor Commented:
Sorry, JackOfPH, but what kind of answer is that?
0
The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

 
mdiglioCommented:
Hello,
This script is meant to run as a computer startup script.

It will enumerate the local Admin group and place all entries into a comma seperated file.
You will have Enter the path for this file into the script where indicated.

Right now the entry for Administrator and Domain Admins will not be logged.

The text file will end up looking like this
computerName, User1, User2
computerName2,user3

Copy and paste it into notepad and save it w/ a .vbs extension
0
 
mdiglioCommented:
I forgot to change line 9.
Instead of
Set objTextFile = objFSO.OpenTextFile("c:\InAdminGroup.txt", ForAppending, True)
it should be
Set objTextFile = objFSO.OpenTextFile("\\server\share\yourtextfile.txt", ForAppending, True)
0
 
eaperezhAuthor Commented:
mdiglio,

Just ot let u know, when your're working with a mixture of English and in my case, Spanish operating systems, the name of the group is "administradores" instead of "administrators".

Many many thanks,
0
 
mdiglioCommented:
Glad it worked for you!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.