Link to home
Start Free TrialLog in
Avatar of bsharath
bsharathFlag for India

asked on

Find all machines which are not contactable with the domain administartor

Hi,

Find all machines which are not contactable with the domain administartor.
What i want is to find all machines if anyone has restricted Domain/Administrator logging into there machines or given any type of restrictions.I have the machine names in the file or a way that the script scans all the machines in the network.

Regards
Sharath
Avatar of Speshalyst
Speshalyst
Flag of India image

Sharath,

why dont you give this tool a shot.. NSAUDITOR

http://www.snapfiles.com/get/nsauditor.html 

You questions have a pattern mostly relating to audits over the network..
MotherMayI.vbs
Will return results to csv file as pcname,access/error with error checking if offline and not reporting.

Give it a pcname file like others, pcnames.txt
pcNum1
pcNum2
pcNum3

will return;

pcNum1 admin access ok
pcNum2 Permission Denied
pcNum3 Remote computer is offline or unavailable



'===Start copy: MotherMayI.vbs===
' ---------------------------------------------------------------'
' MotherMayI.vbs
' 'Sample VBScript to query remote computers
' 'and return cdrom model information into csv file.
' ''Author Riley C. aka ZooFan
' '''Version 1.1 - August 2007
' ''''https://www.experts-exchange.com question ID:22749674
' ---------------------------------------------------------------'
'
Option Explicit
Const ForReading = 1, ForWriting = 2, ForAppending = 3 'FileObject Access Type
Const TristateUseDefault = -2, TristateTrue = -1, TristateFalse = 0 'FileObject Format Type
Dim strPcList
Dim arrPcnames()
Dim strResultsFile
Dim dte
Dim tme
Dim objFso
Dim objWshShell
Dim objPCnames
Dim objReadFile
Dim intLneCount
Dim objOutputFile
Dim strCurPath
Dim intPCLoop
Dim strReturn      
Dim strTestcon
      Set objFso = CreateObject("Scripting.FileSystemObject")
      Set objWshShell = WScript.CreateObject("WScript.Shell")
      strCurPath = CreateObject("Scripting.FileSystemObject").GetAbsolutePathName(".")
      strPcList = InputBox("Please enter the full path and file" & VbCrLf & "name of the file with the computer names.","Get cdrom drives.")
            'Test to make sure file exists if not exit script
            If Not objFso.FileExists(strPcList) Then
                  MsgBox "You must enter a valid full path and file name!",vbOKOnly,"Get cdrom drives."
                WScript.Quit(0)
            Elseif strPcList = "" Then
                  MsgBox "You must enter a filename!",vbOKOnly,"Get cdrom drives."
                WScript.Quit(0)               
            Else 'File exists continue
                                    dte = Replace(FormatDateTime(date(),vbshortdate),"/","-")
                                    tme = Replace(Replace(FormatDateTime(now(),vbLongtime),":","-")," ","")
                                          strResultsFile = strCurPath & "\" & tme & "_" & dte & ".csv"
                                                If objFSO.FileExists(strResultsFile) Then
                                                      ObjFSO.deleteFile(strResultsFile)
                                                Else
                                                      Set objOutputFile = objFso.CreateTextFile(strResultsFile)
                                                      objOutputFile.Close      
                                                End If
                                                MsgBox strResultsFile
                                    Set objPCnames = objFso.GetFile(strPcList)
                                    Set objReadFile = objPCnames.OpenAsTextStream(ForReading, TristateUseDefault)
                                          Do Until objReadFile.AtEndOfStream
                                                ReDim Preserve arrPCnames(intLneCount)
                                                arrPCnames(intLneCount) = objReadFile.ReadLine
                                                intLneCount = intLneCount + 1
                                          Loop
                                    objReadFile.Close
                                          Set objOutputFile = objFso.OpenTextFile(strResultsFile,ForWriting,TristateUseDefault)
                                          objOutputFile.WriteLine("Computer,Acess/Error")
                                                For intPCLoop = LBound(arrPCnames) To UBound(arrPCnames)
                                                      strTestcon = MotherMayI(arrPCnames(intPCLoop))
                                                      objOutputFile.WriteLine(arrPCnames(intPCLoop) & "," & strTestcon)
                                                Next
                                           objOutputFile.Close
                                           MsgBox("Script has completed")
                                    WScript.Quit
                        End If
Function MotherMayI(strserver)                        
      Dim Testme
      Dim intErr
      Dim strRegValue
      Dim strFileServer
      On Error Resume Next
            Set Testme = GetObject("winmgmts://" & strserver & "/root/cimv2")
                  Set strRegValue = GetObject("winmgmts://" & strserver & "/root/default:StdRegProv")
                        intErr = Err.Number
                        If intErr <> 0 Then
                              MotherMayI = Err.Description
                        Else
                              MotherMayI = "Admin Access OK"
                        End If
      On Error GoTo 0
End Function
'===End copy: MotherMayI.vbs===


Any problems let me know.

zf

p.s. Umm you need to run this while logged on as an admin of the domain. :-)
ASKER CERTIFIED SOLUTION
Avatar of zoofan
zoofan
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of bsharath

ASKER

I get these type of answers.

Admin Access OK
Permission denied
The remote server machine does not exist or is unavailable


What does each mean
"Admin access ok"  means domain admin has rights to access the pc over the network
"Permission Denied" means admin does NOT have rights to access the pc over the network
"means admin has right to access the pc over the net" means either the pc is off/blocked by firewall/or incorrect name given in file.  basically the script couldnt conact the pc.

zf
Sorry got paste happy

"Admin access ok"
means domain admin has rights to access the pc over the network

"Permission Denied"
means admin does NOT have rights to access the pc over the network

"The remote server machine does not exist or is unavailable"
means either the pc is off/blocked by firewall/or incorrect name given in file.  basically the script couldnt conact the pc.



zf
Ok i have another Q to check the same way on folders.Is there a way to scan all folders in a local machine if the logged in user has access to all the folders and files.If he has permissions...
I can raise a new Q if you can do it....
Do you realize how long it would take to scan every file on the hard drive?  lol

But if your sure you want to wait that long(could be hours to scan) Ill give it a try

zf
Yes not a problem .If possible to mession the drive or Folder path in the script.So that it would be easy.
Output of only denied access ok? might be a shorter and easier to read list I think.
and we are talking just read rights correct?

ex:
drive:\path\path\file    permission denied


will give it a try tommorrow and let you know, am headed to bed for the night.

zf
One very important thing which i wantd.As we are formatting our file server need to take the permission details to a file..

Is there a way you can get a script which can scan the folder for the paths that are there and give a output with the security permission members to a file

Say i have

C:\share1
C:\Share2

i the file

The script results should look like this.

C:\share1   Permissions Sharathr  Samme  rajesh
C:\Share2  Permissions   Administrator   Rajesh

THX
Sharath
Ok zoofan....
You are correct the output as you mentioned....
I have questions about this as to ensure I accurately return what your looking for.  Are you really after the script to answer your share permission results question? or are you looking for NTFS (NOT SHARE) permissions as well?  I was workiing on the share permissions export and think I about have that one.  

If this is the same then I will continue working on it, if this is different I will start a new, and still work on the other.

zf
What i want is the share and NTFS permissions.All members or groups to be exported to a csv or txt file.
I see,  ummm I had(I Think were on the same page) a simular situation at work I migrated to a NEW file server but needed to replicate EVERYTHING permissions shares directory structure etc etc  as I think this is what your trying to do,  

if so this is what you truly need to do it right!!!!!!!

the export of permissions will be a very crude and unsuccessful way to do this....trust me I tried!!!!


go here
"How do I use the Microsoft File Server Migration Toolkit (FSMT)?"
http://www.windowsitpro.com/Articles/ArticleID/49595/49595.html?Ad=1

if you need help with that give a yell.

zf

ps. this ones one me :-)
If that is not what your trying to do and still need both the NTFS and share permissions exported I will work on it and get back to you, probably this weekend.

zf
Zoofan..

Thanks for this i shall go through but for cross checking i would require a file which has all these details so that tommorow no one can blame me if any share has been removed or wrongly added
thanks...
Have a good sleep....
Open up computer managment console on the server, goto Shares\Shared Folders

lists all the current server shares with full paths,  

On the tool bar up click "export List"  this will export the full list with details so you have a master list of current shares.  :-)

cheers

zf
zoofan...

this get these details

Share Name      Folder Path      Type      # Client Connections      Description

but i want the members who are in the share and NTFS permissions....
Need to get each shared folder and to whome it is shared and who have NTFS access and who has full/Read only ....
I know,  was just a comparative list of shares for your records.

CYA

"cross checking i would require a file which has all these details so that tommorow no one can blame me if any share has been removed or wrongly added"



zf
zoofan:

File server migration.

What does it exxactly do..I have data of 2 TB in my file server will it backup all the data with the shares and permissions intact???
You set up a new, second server.  The orginal server connects to it and yes transfers everything from old to new.  Folder\file structure with NTFS permissions, recreates shares with permissions,

bascially it allows you to clone everything but the OS to a new/different server for replacement.

zf
Ok but i need to backup to tapes as we have to just format and restore the same data to the same machine but the Os would be Win 2003
Previously we had win 2000
Ok,  well this is more to your target then I thought you were moveing to new you need to restore from backup got it.

go here,
"This article explains how to restore share definitions using NTBackup and the Registry Editor."
http://support.microsoft.com/?id=141589


That what were after?

zf
Doing this VIA ntbackup,  ALL ntfs permissions are retained,  following this aarticle adds to that all the share information.  Think that is exactly what you need.

zf
Sorry for all the other info.

As my mother once told me
"Precise questions lead to precise answers."  lol


ahh well hope all this helps.

zf
And sorry to speshalyst for flooding his email with posts to this question :-)

zf
But i am using Veritas for backup to a tape loader...
And data protector for backing up data from my Nas server...
Zoofan

"Permission Denied"
means admin does NOT have rights to access the pc over the network

I scanned my whole network and got about 10 machines which shows this.
I am able to connect to there machine \\machinename\c$ with Domain\administrator credentials
go into computer managment of one of those remotly and look to see if WMI service is running.  It is returning the permissions based on WMI access.

zf
And did it prompt you to enter then domain credentials?

zf



fyi:  script for you in IIS automation, to change source path


oh yea and I am going to be off to bed here ummm soooooooon lol 6am here now, work at Noon


Ok Zoofan sleep well catch you tommorow....
Thank you,

see you tommorrow(today)

zf
Windows Management Instrumentation serice is Started
Windows Management Instrumentation Driver Extensions  Manual
WMI Performance Adapter   Manual

Yes when i connected from the domain/administrator logged in machine it does not ask and when i connect from my machine it asks for a username and password...