• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 582
  • Last Modified:

Find renamed builtin local administrator

Hi

Built in local administrator account is renamed and all the description is cleared. In this case how can we find the Built in local administrator accout which is renamed

quick answer highly appreciated.
0
valuelabs97
Asked:
valuelabs97
1 Solution
 
Martin_J_ParkerCommented:
Use the command "net localgroup administrators" to find which local users have administrator privilege.
0
 
Krzysztof PytkoActive Directory EngineerCommented:
0
 
valuelabs97Author Commented:
Hi Martin_J_Parker,

Thank you.

we can get the who are all in local admin group, from them we need to find the renamed bulit in local administrator
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
RediersCommented:
Its like iSiek states...

You need to find a SID that begins with S-1-5- and end with -500
That is the SID of the local admin...
That will tell you what the account name is of the builtin admin.
0
 
valuelabs97Author Commented:
Hi

I need to check it on 2000, 2003 and 2008 servers.
0
 
Krzysztof PytkoActive Directory EngineerCommented:
If you use script specified on that page you can do that using

strComputer variable. Place there name for a server which you want to examine and that's all

You can also use text file with computers but you need to rebuilt script a little bit. Procedure for reading hosts from file at MS page at
http://technet.microsoft.com/en-us/library/ee692821.aspx

Krzysztof
0
 
Krzysztof PytkoActive Directory EngineerCommented:
OK, I did it for you :)

Copy this code, save as VBS file and put in the same location as servers.txt file. In servers.txt file put all of servers name to check (one per line) and run it on your workstation

 
Const FOR_READING = 1
strServersFile = "servers.txt"

Set objFSO = CreateObject("Scripting.FileSystemObject")
If objFSO.FileExists(strServersFile) Then

  Set objTextStream = objFSO.OpenTextFile(strServersFile, FOR_READING)
Else
  WScript.Echo "Input file " & strServersFile & " not found."
  WScript.Quit
End If

Do Until objTextStream.AtEndOfStream

  strComputer = objTextStream.ReadLine


Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

Set colAccounts = objWMIService.ExecQuery _
    ("Select * From Win32_UserAccount Where Domain = '" & strComputer & "'")

For Each objAccount in colAccounts
    If Left (objAccount.SID, 6) = "S-1-5-" and Right(objAccount.SID, 4) = "-500" Then
        Wscript.Echo objAccount.Name
    End If
Next

Loop
objTextStream.Close

Open in new window


Krzysztof
0
 
valuelabs97Author Commented:
Its not 100 % solution
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now