Solved

How to query the local account's group name in VBScript?

Posted on 2007-12-04
10
2,577 Views
Last Modified: 2008-02-01
Hi,

I have this script attached as below, it queries the local accounts on the computer. But how do you find out what group the account belongs to, using the script? For an example, the local account "MyPC1\Administrator" is a member of the "Administrators" group. This script doesn't tell the group information. So, can anyone help?

thanks a lot in advance.
On Error Resume Next
 

strComputer = "."

Set objWMIService = GetObject("winmgmts:" _

    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
 

Set colItems = objWMIService.ExecQuery _

    ("Select * from Win32_UserAccount Where LocalAccount = True")
 

For Each objItem in colItems

    Wscript.Echo "Account Type: " & objItem.AccountType

    Wscript.Echo "Caption: " & objItem.Caption

    Wscript.Echo "Description: " & objItem.Description

    Wscript.Echo "Disabled: " & objItem.Disabled

    Wscript.Echo "Domain: " & objItem.Domain

    Wscript.Echo "Full Name: " & objItem.FullName

    Wscript.Echo "Local Account: " & objItem.LocalAccount

    Wscript.Echo "Lockout: " & objItem.Lockout

    Wscript.Echo "Name: " & objItem.Name

    Wscript.Echo "Password Changeable: " & objItem.PasswordChangeable

    Wscript.Echo "Password Expires: " & objItem.PasswordExpires

    Wscript.Echo "Password Required: " & objItem.PasswordRequired

    Wscript.Echo "SID: " & objItem.SID

    Wscript.Echo "SID Type: " & objItem.SIDType

    Wscript.Echo "Status: " & objItem.Status

    Wscript.Echo

Next

Open in new window

0
Comment
Question by:CRIIT
  • 6
  • 3
10 Comments
 
LVL 9

Expert Comment

by:asawatzki
ID: 20407099
Give this code a shot
On Error Resume Next
 

Const wbemFlagReturnImmediately = &h10

Const wbemFlagForwardOnly = &h20

dim BuildGroup
 
 

'On Error Resume Next

 

strComputer = "."

Set objWMIService = GetObject("winmgmts:" _

    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

 

Set colItems = objWMIService.ExecQuery _

    ("Select * from Win32_UserAccount Where LocalAccount = True")

 

For Each objItem in colItems

    Wscript.Echo "Account Type: " & objItem.AccountType

    Wscript.Echo "Caption: " & objItem.Caption

    Wscript.Echo "Description: " & objItem.Description

    Wscript.Echo "Disabled: " & objItem.Disabled

    Wscript.Echo "Domain: " & objItem.Domain

    Wscript.Echo "Full Name: " & objItem.FullName

    Wscript.Echo "Local Account: " & objItem.LocalAccount

    Wscript.Echo "Lockout: " & objItem.Lockout

    Wscript.Echo "Name: " & objItem.Name

    Wscript.Echo "Password Changeable: " & objItem.PasswordChangeable

    Wscript.Echo "Password Expires: " & objItem.PasswordExpires

    Wscript.Echo "Password Required: " & objItem.PasswordRequired

    Wscript.Echo "SID: " & objItem.SID

    Wscript.Echo "SID Type: " & objItem.SIDType

    Wscript.Echo "Status: " & objItem.Status

    Groups objItem.Name

    Wscript.Echo BuildGroup

    Wscript.Echo

Next
 
 

Sub Groups(strUsername)
 

   Set objWMIService2 = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")

   Set colItems2 = objWMIService.ExecQuery("SELECT * FROM Win32_Group Where LocalAccount = True", "WQL", _

                                          wbemFlagReturnImmediately + wbemFlagForwardOnly)

   For Each objItem2 In colItems2

       GroupMembership strUsername, objItem2.name

     

   Next
 

End Sub
 

Sub GroupMembership(strUsername, strGroup)

  Set objGroup = GetObject("WinNT://" & strComputer & "/" & strGroup)

  For Each objUser in objGroup.Members

    If objUser.Name = strUsername Then

        BuildGroup =  BuildGroup & "Member of Group: " & strGroup & vbcrlf 

    End If

Next
 

End Sub
 

Function WMIDateStringToDate(dtmDate)

WScript.Echo dtm: 

	WMIDateStringToDate = CDate(Mid(dtmDate, 5, 2) & "/" & _

	Mid(dtmDate, 7, 2) & "/" & Left(dtmDate, 4) _

	& " " & Mid (dtmDate, 9, 2) & ":" & Mid(dtmDate, 11, 2) & ":" & Mid(dtmDate,13, 2))

End Function

Open in new window

0
 

Author Comment

by:CRIIT
ID: 20408267
i will try tomorrow, and let u know, thanks
0
 
LVL 4

Expert Comment

by:MeCanHelp
ID: 20414938
On Error Resume Next

Const E_ADS_PROPERTY_NOT_FOUND  = &h8000500D

Set objOU = GetObject _
    ("LDAP://cn=Users,dc=NA,dc=fabrikam,dc=com")
 
ObjOU.Filter= Array("user")
 
For Each objUser in objOU
    WScript.Echo objUser.cn & " is a member of: " 
    WScript.Echo vbTab & "Primary Group ID: " & _
        objUser.Get("primaryGroupID")
 
    arrMemberOf = objUser.GetEx("memberOf")
 
    If Err.Number <>  E_ADS_PROPERTY_NOT_FOUND Then
        For Each Group in arrMemberOf
            WScript.Echo vbTab & Group
        Next
    Else
        WScript.Echo vbTab & "memberOf attribute is not set"
        Err.Clear
    End If
    Wscript.Echo
Next
      
0
 

Author Comment

by:CRIIT
ID: 20420686
Hi MeCanHelp, I was looking to query the local account, not the domain account. thanks
0
 

Author Comment

by:CRIIT
ID: 20420698
Hi asawatzki:

I tried your script. It runs without any error. but it displays all the group names from the local computer, but didn't display the particular group that one account belongs to. any idea? thanks
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 

Author Comment

by:CRIIT
ID: 20420744
also, what is that "Function WMIDateStringToDate(dtmDate)" for? thanks
0
 
LVL 9

Expert Comment

by:asawatzki
ID: 20420770
You can toss that Function.  It converts WMI dates to string format.  Not being used in this script.  The account in question, is it a local user?  Also is the group that you are looking to see the user in, is it a local group?

Thanks
0
 

Author Comment

by:CRIIT
ID: 20420821
yeah, i am trying to query the local accounts to see what local groups each account belongs to. For an example:

My computer name: PC1
One of the local accounts: test1
test1 belongs to "Backup Operators" and this is the only group that test1 belongs.

but when i run your script, it displays all the group names

any comment? thanks
0
 
LVL 9

Accepted Solution

by:
asawatzki earned 500 total points
ID: 20420898
I see what happened.  Forgot to clear the BuildGroup variable between users.  Try this:
On Error Resume Next

 

Const wbemFlagReturnImmediately = &h10

Const wbemFlagForwardOnly = &h20

dim BuildGroup

 

 

'On Error Resume Next

 

strComputer = "."

Set objWMIService = GetObject("winmgmts:" _

    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

 

Set colItems = objWMIService.ExecQuery _

    ("Select * from Win32_UserAccount Where LocalAccount = True")

 

For Each objItem in colItems

    Wscript.Echo "Account Type: " & objItem.AccountType

    Wscript.Echo "Caption: " & objItem.Caption

    Wscript.Echo "Description: " & objItem.Description

    Wscript.Echo "Disabled: " & objItem.Disabled

    Wscript.Echo "Domain: " & objItem.Domain

    Wscript.Echo "Full Name: " & objItem.FullName

    Wscript.Echo "Local Account: " & objItem.LocalAccount

    Wscript.Echo "Lockout: " & objItem.Lockout

    Wscript.Echo "Name: " & objItem.Name

    Wscript.Echo "Password Changeable: " & objItem.PasswordChangeable

    Wscript.Echo "Password Expires: " & objItem.PasswordExpires

    Wscript.Echo "Password Required: " & objItem.PasswordRequired

    Wscript.Echo "SID: " & objItem.SID

    Wscript.Echo "SID Type: " & objItem.SIDType

    Wscript.Echo "Status: " & objItem.Status

    BuildGroup = ""

    Groups objItem.Name

    Wscript.Echo BuildGroup

    Wscript.Echo

Next

 

 

Sub Groups(strUsername)

 

   Set objWMIService2 = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")

   Set colItems2 = objWMIService.ExecQuery("SELECT * FROM Win32_Group Where LocalAccount = True", "WQL", _

                                          wbemFlagReturnImmediately + wbemFlagForwardOnly)

   For Each objItem2 In colItems2

       GroupMembership strUsername, objItem2.name

     

   Next

 

End Sub

 

Sub GroupMembership(strUsername, strGroup)

  Set objGroup = GetObject("WinNT://" & strComputer & "/" & strGroup)

  For Each objUser in objGroup.Members

    If objUser.Name = strUsername Then

        BuildGroup =  BuildGroup & "Member of Group: " & strGroup & vbcrlf 

    End If

Next

 

End Sub

Open in new window

0
 

Author Comment

by:CRIIT
ID: 20420968
great, it works, thanks a lot
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When trying to find the cause of a problem in VBA or VB6 it's often valuable to know what procedures were executed prior to the error. You can use the Call Stack for that but it is often inadequate because it may show procedures you aren't intereste…
Enums (shorthand for ‘enumerations’) are not often used by programmers but they can be quite valuable when they are.  What are they? An Enum is just a type of variable like a string or an Integer, but in this case one that you create that contains…
Learn the basics of while and for loops in Python.  while loops are used for testing while, or until, a condition is met: The structure of a while loop is as follows:     while <condition>:         do something         repeate: The break statement m…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now