need a script to test local admin access with specific credentials

Posted on 2009-02-16
Last Modified: 2012-08-13
Can someone provide me with a script that I can run against several hundred PC's to test a specific administrator account.

We need to verify if a specific account credentials have been granted local admin rights on all the PC's in an office.
For example: the credentials could be: LAuser   password: 5j5dkitn
I would like to have a script that would check an input .csv or .txt file, that i could paste in 200+ IP addresses.

I need to script to go to each entry in the input file and check if that  account has local admin rights on each PC.



Question by:siber1
    LVL 82

    Expert Comment

    Try the script below (start with a short list of test machines/IP addresses).
    It will process the machines given in the text file and create a comma-separated log file. Just adjust the variables at the beginning.
    Note that any of the following characters in the password might cause problems: ^ % & ( ) < > |

    @echo off
    set MachineFile=C:\test.txt
    :: *** Prepend the account with "DOMAINNAME\" if it's a domain account; using just the name will authenticate as a local account on the target machine:
    set User=DOMAINNAME\LAuser
    set Password=5j5dkitn
    set LogFile=%~dpn0.log
    if exist "%LogFile%" del "%LogFile%"
    for /f %%a in ('type "%MachineFile%"') do call :process %%a
    goto :eof
    echo Processing %1 ...
    ping -n 2 %1 | find /i "TTL" >NUL
    if errorlevel 1 (
      >>"%LogFile%" echo %1,No Response
      echo ... no response.
      goto :eof
    net use \\%1\Admin$ "%Password%" /user:%User% >NUL 2>&1
    if errorlevel 1 (
      >>"%LogFile%" echo %1,Access denied
      echo ... access denied.
      goto :eof
    >>"%LogFile%" echo %1,Admin access
    echo ... admin access.
    net use \\%1\Admin$ /delete

    Open in new window


    Author Comment

    thank you Obda.. i will test it as soon as possible and let you know.


    Author Comment

    Obda, I just tested your script in the lab. having an issue.

    1. when i enter just the local administrator account, the script fails, and I get an access is denied. [even when entering the proper local admin credentials.

    The testing i will be running is to use the local admin account, not a domain admin account. can you provide a solution for this? im sure its just a small change to your script.

    thx - Mike

    LVL 82

    Expert Comment

    For a local user, just set the user variable to the user name:
    set User=Administrator
    - Make sure that there are no existing network connections to the target machine.
    Otherwise add the line
    net use * /delete /yes
    at the beginning of the script.
    - Make sure administrative shares aren't disabled on the target machines
    - Make sure the password doesn't contain any of the characters I listed above.

    Author Comment

    Hello OBda,
    I just finished retesting your script, it still is not working for the local administrator account.
    can you please re-check your code? it works perfect when specifying a domain admin account, but does not work with local administrator [no domain in front]
    i've also followed your steps above, still having problems.

    thanks very much!
    LVL 82

    Accepted Solution

    And the local admin hasn't been renamed, and that it actually has admin credentials? Can you map admin$ in Explorer by specifying local credentials?
    You can try to precede the account with the remote machine name as well; change line 19 to this:
    net use \\%1\Admin$ "%Password%" /user:%1\%User% >NUL 2>&1

    Author Closing Comment

    thanks oBdA, that did the trick.
    working great now.

    thanks again!


    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    This script will sweep a range of IP addresses (class c only, and report to a log the version of office installed. What it does: 1.)      Creates log file in the directory the script is run from (if it doesn't already exist) 2.)      Sweep…
    This article will show, step by step, how to integrate R code into a R Sweave document
    Learn the basics of strings in Python: declaration, operations, indices, and slicing. Strings are declared with quotations; for example: s = "string": Strings are immutable.: Strings may be concatenated or multiplied using the addition and multiplic…
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    26 Experts available now in Live!

    Get 1:1 Help Now