simpsonfishing
asked on
How to check user group in each pc for all domain.
HI All
Any one know vb script how to check user group in each pc?
Now we have many pc in office, Normally we will set user group in each pc as " Restricted user ", But as I know some of our user still have "Standart user" or "Administrator". I don't want to go to each pc and check one by one. So any one know script or any way to check Group Membership in each local pc.
Thank for advance.
Simpsonfishing.
Any one know vb script how to check user group in each pc?
Now we have many pc in office, Normally we will set user group in each pc as " Restricted user ", But as I know some of our user still have "Standart user" or "Administrator". I don't want to go to each pc and check one by one. So any one know script or any way to check Group Membership in each local pc.
Thank for advance.
Simpsonfishing.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This could help too. It needs a bit of modification, but it's on the right track.
https://www.experts-exchange.com/questions/22712915/Remove-local-administrators-group-members-and-assign-them-as-power-users.html
Jared, feel free to modify that to suit....if I get some early next week I'll have a go....
Regards,
Rob.
https://www.experts-exchange.com/questions/22712915/Remove-local-administrators-group-members-and-assign-them-as-power-users.html
Jared, feel free to modify that to suit....if I get some early next week I'll have a go....
Regards,
Rob.
LOL! Oh, there I go, forgetting words again.....that's a bit sus!!
>> if I get some early next week I'll have a go
should be
"if I get some TIME early next week I'll have a go"
Oh, the change in meaning as soon as one word is omitted!
Rob.
>> if I get some early next week I'll have a go
should be
"if I get some TIME early next week I'll have a go"
Oh, the change in meaning as soon as one word is omitted!
Rob.
Haha... check out the Who's line is it anyway innuendo game on you tube...
Funny stuff...
Funny stuff...
I already have something that is pretty similar to this at work. I'll see what I can do with it on Monday.
Before i get to that however, there is something to keep in mind.
Changes like these are best done by a startup script so that a users security restrictions don't get in the way of doing what you want. The problem with that is the system does not know what user is logging into that computer. Since the computer does not know what user to work with, the changes can only be generic.
As a result, I would make heavy use of groups. I would create a domain group for Restricted User, Standard User, and Administrator. Populate those groups with the users that you want in each group. Obviously most users will be in the Restricted User and Standard User.
With that in place, we can make sure that all domain users and groups are pulled out of the local groups except for the ones that we want in there.
Mull that over and let me know if you have any objections.
Changes like these are best done by a startup script so that a users security restrictions don't get in the way of doing what you want. The problem with that is the system does not know what user is logging into that computer. Since the computer does not know what user to work with, the changes can only be generic.
As a result, I would make heavy use of groups. I would create a domain group for Restricted User, Standard User, and Administrator. Populate those groups with the users that you want in each group. Obviously most users will be in the Restricted User and Standard User.
With that in place, we can make sure that all domain users and groups are pulled out of the local groups except for the ones that we want in there.
Mull that over and let me know if you have any objections.
LOL! Yeah, I love "Who's Line"...it's an absolute classic!
We don't get that in Australia on free to air, but I've seen it on Foxtel countless times! Colin and Ryan are hilarious!
Anyway, I agree with you on having to use a "generic" approach. simsponfishing, if it sounds like that suits, I'm sure we could find one of our scripts to do that for you.
Regards,
Rob.
We don't get that in Australia on free to air, but I've seen it on Foxtel countless times! Colin and Ryan are hilarious!
Anyway, I agree with you on having to use a "generic" approach. simsponfishing, if it sounds like that suits, I'm sure we could find one of our scripts to do that for you.
Regards,
Rob.
ASKER
Hi All
I'm found some script as following and put to login script and apply at GPO of all user, It look ok.
Please comment.
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ----------
echo off
net localgroup "Power Users"|find /I "%username%" >> \\Server\software\ListPerm ission.txt
echo "End" >> \\Server\software\ListPerm ission.txt
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ----------
I'm found some script as following and put to login script and apply at GPO of all user, It look ok.
Please comment.
--------------------------
echo off
net localgroup "Power Users"|find /I "%username%" >> \\Server\software\ListPerm
echo "End" >> \\Server\software\ListPerm
--------------------------
Hi, I could be wrong, but it looks all that is doing is: check if the current user is in the Power Users group, and if so, output their username to \\server\software\ListPerm ission.txt
So that would only tell you whether a user is in that group, but it also doesn't tell you which computer they logged onto.....
Perhaps you could use something like
net localgroup "Power Users"|find /I "%username%" >> \\Server\software\ListPerm ission_%ho stname%.tx t
Rob.
So that would only tell you whether a user is in that group, but it also doesn't tell you which computer they logged onto.....
Perhaps you could use something like
net localgroup "Power Users"|find /I "%username%" >> \\Server\software\ListPerm
Rob.
ASKER
Hi Rob
Thank you for your comment.
I have one more problems, As I'm try to run via GPO, I't does not work with some user,
So I'm try to run at user pc and fund error as "Access is denied."
As I check permission in server seem like I already allow everyone access for full permission.
Bye the way I'm try to use %hostname% seem like I't not work. file will generate as "ListPermission_%hostname% .txt"
Please advise how to do.
SimpsonFishing.
Thank you for your comment.
I have one more problems, As I'm try to run via GPO, I't does not work with some user,
So I'm try to run at user pc and fund error as "Access is denied."
As I check permission in server seem like I already allow everyone access for full permission.
Bye the way I'm try to use %hostname% seem like I't not work. file will generate as "ListPermission_%hostname%
Please advise how to do.
SimpsonFishing.
Firstly, sorry, should have been %computername%, not %hostname%
net localgroup "Power Users"|find /I "%username%" >> \\Server\software\ListPerm ission_%co mputername %.txt
Secondly, the users *do* need to have write access to the \\server\software share.
Test with a user if they can manually create a text file there.
The "access denied" issue may have also occurred due to two people writing the file at the same time, so the %computername% should prevent that.
Regards,
Rob.
net localgroup "Power Users"|find /I "%username%" >> \\Server\software\ListPerm
Secondly, the users *do* need to have write access to the \\server\software share.
Test with a user if they can manually create a text file there.
The "access denied" issue may have also occurred due to two people writing the file at the same time, so the %computername% should prevent that.
Regards,
Rob.
ASKER
Thank you all,
As your comment is very good for me, Thank you so much.
Simpsonfishing.
As your comment is very good for me, Thank you so much.
Simpsonfishing.
ASKER
Yes your right, Please advise.
Simpsonfishing