[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

need a script to test local admin access with specific credentials

Posted on 2009-02-16
7
Medium Priority
?
464 Views
Last Modified: 2012-08-13
Can someone provide me with a script that I can run against several hundred PC's to test a specific administrator account.

We need to verify if a specific account credentials have been granted local admin rights on all the PC's in an office.
For example: the credentials could be: LAuser   password: 5j5dkitn
I would like to have a script that would check an input .csv or .txt file, that i could paste in 200+ IP addresses.

I need to script to go to each entry in the input file and check if that  account has local admin rights on each PC.

thanks,

Mike

0
Comment
Question by:siber1
  • 4
  • 3
7 Comments
 
LVL 85

Expert Comment

by:oBdA
ID: 23655208
Try the script below (start with a short list of test machines/IP addresses).
It will process the machines given in the text file and create a comma-separated log file. Just adjust the variables at the beginning.
Note that any of the following characters in the password might cause problems: ^ % & ( ) < > |

@echo off
setlocal
set MachineFile=C:\test.txt
:: *** Prepend the account with "DOMAINNAME\" if it's a domain account; using just the name will authenticate as a local account on the target machine:
set User=DOMAINNAME\LAuser
set Password=5j5dkitn
set LogFile=%~dpn0.log
if exist "%LogFile%" del "%LogFile%"
for /f %%a in ('type "%MachineFile%"') do call :process %%a
goto :eof
:process
echo Processing %1 ...
ping -n 2 %1 | find /i "TTL" >NUL
if errorlevel 1 (
  >>"%LogFile%" echo %1,No Response
  echo ... no response.
  goto :eof
)  
net use \\%1\Admin$ "%Password%" /user:%User% >NUL 2>&1
if errorlevel 1 (
  >>"%LogFile%" echo %1,Access denied
  echo ... access denied.
  goto :eof
)
>>"%LogFile%" echo %1,Admin access
echo ... admin access.
net use \\%1\Admin$ /delete

Open in new window

0
 

Author Comment

by:siber1
ID: 23657824
thank you Obda.. i will test it as soon as possible and let you know.

Mike
0
 

Author Comment

by:siber1
ID: 23665212
Obda, I just tested your script in the lab. having an issue.

1. when i enter just the local administrator account, the script fails, and I get an access is denied. [even when entering the proper local admin credentials.

The testing i will be running is to use the local admin account, not a domain admin account. can you provide a solution for this? im sure its just a small change to your script.

thx - Mike



0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 85

Expert Comment

by:oBdA
ID: 23665370
For a local user, just set the user variable to the user name:
set User=Administrator
- Make sure that there are no existing network connections to the target machine.
Otherwise add the line
net use * /delete /yes
at the beginning of the script.
- Make sure administrative shares aren't disabled on the target machines
- Make sure the password doesn't contain any of the characters I listed above.
0
 

Author Comment

by:siber1
ID: 23676819
Hello OBda,
I just finished retesting your script, it still is not working for the local administrator account.
can you please re-check your code? it works perfect when specifying a domain admin account, but does not work with local administrator [no domain in front]
i've also followed your steps above, still having problems.

thanks very much!
Mike
0
 
LVL 85

Accepted Solution

by:
oBdA earned 2000 total points
ID: 23678861
And the local admin hasn't been renamed, and that it actually has admin credentials? Can you map admin$ in Explorer by specifying local credentials?
You can try to precede the account with the remote machine name as well; change line 19 to this:
net use \\%1\Admin$ "%Password%" /user:%1\%User% >NUL 2>&1
0
 

Author Closing Comment

by:siber1
ID: 31547462
thanks oBdA, that did the trick.
working great now.

thanks again!

Mike
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Not long ago I saw a question in the VB Script forum that I thought would not take much time. You can read that question (Question ID  (http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_28455246.html)28455246) Here (http…
You may have already been in the need to update a whole folder stucture using a script. Robocopy does it well and even provides a list of non-updated files in a log (if asked to). Generally those files that were locked by a user or a process by the …
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …
Suggested Courses
Course of the Month18 days, 10 hours left to enroll

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question