We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now

x

need a script to test local admin access with specific credentials

Medium Priority
474 Views
Last Modified: 2012-08-13
Can someone provide me with a script that I can run against several hundred PC's to test a specific administrator account.

We need to verify if a specific account credentials have been granted local admin rights on all the PC's in an office.
For example: the credentials could be: LAuser   password: 5j5dkitn
I would like to have a script that would check an input .csv or .txt file, that i could paste in 200+ IP addresses.

I need to script to go to each entry in the input file and check if that  account has local admin rights on each PC.

thanks,

Mike

Comment
Watch Question

CERTIFIED EXPERT
Most Valuable Expert 2019
Most Valuable Expert 2018

Commented:
Try the script below (start with a short list of test machines/IP addresses).
It will process the machines given in the text file and create a comma-separated log file. Just adjust the variables at the beginning.
Note that any of the following characters in the password might cause problems: ^ % & ( ) < > |

@echo off
setlocal
set MachineFile=C:\test.txt
:: *** Prepend the account with "DOMAINNAME\" if it's a domain account; using just the name will authenticate as a local account on the target machine:
set User=DOMAINNAME\LAuser
set Password=5j5dkitn
set LogFile=%~dpn0.log
if exist "%LogFile%" del "%LogFile%"
for /f %%a in ('type "%MachineFile%"') do call :process %%a
goto :eof
:process
echo Processing %1 ...
ping -n 2 %1 | find /i "TTL" >NUL
if errorlevel 1 (
  >>"%LogFile%" echo %1,No Response
  echo ... no response.
  goto :eof
)  
net use \\%1\Admin$ "%Password%" /user:%User% >NUL 2>&1
if errorlevel 1 (
  >>"%LogFile%" echo %1,Access denied
  echo ... access denied.
  goto :eof
)
>>"%LogFile%" echo %1,Admin access
echo ... admin access.
net use \\%1\Admin$ /delete

Open in new window

Author

Commented:
thank you Obda.. i will test it as soon as possible and let you know.

Mike

Author

Commented:
Obda, I just tested your script in the lab. having an issue.

1. when i enter just the local administrator account, the script fails, and I get an access is denied. [even when entering the proper local admin credentials.

The testing i will be running is to use the local admin account, not a domain admin account. can you provide a solution for this? im sure its just a small change to your script.

thx - Mike



CERTIFIED EXPERT
Most Valuable Expert 2019
Most Valuable Expert 2018

Commented:
For a local user, just set the user variable to the user name:
set User=Administrator
- Make sure that there are no existing network connections to the target machine.
Otherwise add the line
net use * /delete /yes
at the beginning of the script.
- Make sure administrative shares aren't disabled on the target machines
- Make sure the password doesn't contain any of the characters I listed above.

Author

Commented:
Hello OBda,
I just finished retesting your script, it still is not working for the local administrator account.
can you please re-check your code? it works perfect when specifying a domain admin account, but does not work with local administrator [no domain in front]
i've also followed your steps above, still having problems.

thanks very much!
Mike
CERTIFIED EXPERT
Most Valuable Expert 2019
Most Valuable Expert 2018
Commented:
And the local admin hasn't been renamed, and that it actually has admin credentials? Can you map admin$ in Explorer by specifying local credentials?
You can try to precede the account with the remote machine name as well; change line 19 to this:
net use \\%1\Admin$ "%Password%" /user:%1\%User% >NUL 2>&1

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
thanks oBdA, that did the trick.
working great now.

thanks again!

Mike
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.