Retrieve administrator right and software installed on the domain workstation

Is it possible to use Powershell or VBscript to scan all domain workstations and list out which users has the local domain right , together with the software installed on their workstations ?


Thanks
AXISHKAsked:
Who is Participating?
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
This is self-defined function, so you need to run it at the end.

In example: Get-ADUser is Windows AD PowerShell cmd-let predefined by Microsoft, you need to run it to get data. The same with this one. You need to run get-localadministrators but it won't be recognized, so that's why you need to predefined function before you can use it

Yes, you're right, you can use another computer name but you have to replace this piece of code from
param ([string]$computername=$env:computername)
to
param ([string]$computername=$computerNameVariable)

where $computerNameVariable is taken from other part of your script (Import-CSV or Get-Content)

Krzysztof
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
You can try using these scripts

Local administrators
http://andrewmorgan.ie/2011/06/10/retrieve-a-list-of-local-administrators-using-powershell/

Installed software
http://blogs.technet.com/b/heyscriptingguy/archive/2011/11/13/use-powershell-to-quickly-find-installed-software.aspx

for more advanced help, please wait for PowerShell experts

Regards,
Krzysztof
0
 
AXISHKAuthor Commented:
I have put the following under c:\get-localadministrators.ps1 and then run it.  I have open a powershell and execute the following :
c:\get-localadministrators -computername mydomain-computer01

However, no result is display. Any idea ??



function get-localadministrators {
    param ([string]$computername=$env:computername)

    $computername = $computername.toupper()
    $ADMINS = get-wmiobject -computername $computername -query "select * from win32_groupuser where GroupComponent=""Win32_Group.Domain='$computername',Name='administrators'""" | % {$_.partcomponent}

    foreach ($ADMIN in $ADMINS) {
                $admin = $admin.replace("\\$computername\root\cimv2:Win32_UserAccount.Domain=","") # trims the results for a user
                $admin = $admin.replace("\\$computername\root\cimv2:Win32_Group.Domain=","") # trims the results for a group
                $admin = $admin.replace('",Name="',"\")
                $admin = $admin.REPLACE("""","")#strips the last "

                $objOutput = New-Object PSObject -Property @{
                    Machinename = $computername
                    Fullname = ($admin)
                    DomainName  =$admin.split("\")[0]
                    UserName = $admin.split("\")[1]
                }#end object

    $objreport+=@($objoutput)
    }#end for

    return $objreport
}#end function
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
Krzysztof PytkoSenior Active Directory EngineerCommented:
Because you cannot specify computer name. It is taken from system variable $env:computername

To use it with different name, you need to change code a little bit.

And to that script, you need to add one more line at the end

get-localadministrators

Then run script again

Krzysztof
0
 
AXISHKAuthor Commented:
It works but I have a question,

get-localadministrators is a self -defined script and I suppose  $computername will accept my passing parameter, ie. mydomain-computer01

But why do I need to include a call to itself at the end of the line.

Tkx
0
 
AXISHKAuthor Commented:
Tks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.