Avatar of simpsonfishing
simpsonfishingFlag for Thailand asked on

How to check user group in each pc for all domain.

HI All

     Any one know vb script how to check user group in each pc?

    Now we have many pc in office, Normally we will set user group in each pc as " Restricted user ", But as I know some of our user still have "Standart user" or "Administrator". I don't want to go to each pc and check one by one. So any one know script or any way to check Group Membership in each local pc.

Thank for advance.
Simpsonfishing.

VB Script

Avatar of undefined
Last Comment
simpsonfishing

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Jared Luker

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
SOLUTION
RobSampson

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER
simpsonfishing

Dear jared_luker:

   Yes your right, Please advise.

Simpsonfishing
RobSampson

This could help too. It needs a bit of modification, but it's on the right track.

https://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_22712915.html

Jared, feel free to modify that to suit....if I get some early next week I'll have a go....

Regards,

Rob.
RobSampson

LOL!  Oh, there I go, forgetting words again.....that's a bit sus!!

>> if I get some early next week I'll have a go

should be
"if I get some TIME early next week I'll have a go"

Oh, the change in meaning as soon as one word is omitted!

Rob.
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
Jared Luker

Haha... check out the Who's line is it anyway innuendo game on you tube...  

Funny stuff...
Jared Luker

I already have something that is pretty similar to this at work.  I'll see what I can do with it on Monday.
Jared Luker

Before i get to that however, there is something to keep in mind.

Changes like these are best done by a startup script so that a users security restrictions don't get in the way of doing what you want.  The problem with that is the system does not know what user is logging into that computer.  Since the computer does not know what user to work with, the changes can only be generic.

As a result, I would make heavy use of groups.  I would create a domain group for Restricted User, Standard User, and Administrator.  Populate those groups with the users that you want in each group.  Obviously most users will be in the Restricted User and Standard User.

With that in place, we can make sure that all domain users and groups are pulled out of the local groups except for the ones that we want in there.

Mull that over and let me know if you have any objections.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
RobSampson

LOL!  Yeah, I love "Who's Line"...it's an absolute classic!

We don't get that in Australia on free to air, but I've seen it on Foxtel countless times!  Colin and Ryan are hilarious!

Anyway, I agree with you on having to use a "generic" approach. simsponfishing, if it sounds like that suits, I'm sure we could find one of our scripts to do that for you.

Regards,

Rob.
ASKER
simpsonfishing

Hi All


   I'm found some script as following and put to login script and apply at GPO of all user, It look ok.
Please comment.
   
----------------------------------------------------------------------------------------------------------
echo off
net localgroup "Power Users"|find /I "%username%" >> \\Server\software\ListPermission.txt
echo "End" >> \\Server\software\ListPermission.txt
----------------------------------------------------------------------------------------------------------
RobSampson

Hi, I could be wrong, but it looks all that is doing is: check if the current user is in the Power Users group, and if so, output their username to \\server\software\ListPermission.txt

So that would only tell you whether a user is in that group, but it also doesn't tell you which computer they logged onto.....

Perhaps you could use something like
net localgroup "Power Users"|find /I "%username%" >> \\Server\software\ListPermission_%hostname%.txt

Rob.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
ASKER
simpsonfishing

Hi Rob

   Thank you for your comment.
    I have one more problems, As I'm try to run via GPO, I't does not work with some user,
So I'm try to run at user pc and fund error as "Access is denied."
As I check permission in server seem like I already allow everyone access for full permission.

Bye the way I'm try to use %hostname% seem like I't not work. file will generate as "ListPermission_%hostname%.txt"


Please advise how to do.

SimpsonFishing.
RobSampson

Firstly, sorry, should have been %computername%, not %hostname%

net localgroup "Power Users"|find /I "%username%" >> \\Server\software\ListPermission_%computername%.txt

Secondly, the users *do* need to have write access to the \\server\software share.
Test with a user if they can manually create a text file there.

The "access denied" issue may have also occurred due to two people writing the file at the same time, so the %computername% should prevent that.

Regards,

Rob.
ASKER
simpsonfishing

Thank you all,

      As your comment is very good for me, Thank you so much.

Simpsonfishing.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.