Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Locating PC's on a network with Local Admin users


  • Please log in to reply
4 replies to this topic

#1 Eric RBA

Eric RBA

  • Members
  • 252 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:State College, PA
  • Local time:11:13 AM

Posted 17 November 2009 - 03:51 PM

I need to be able to determine if any user's profile on any of our 500+ computers have been granted local admin rights. I have been tasked with finding a way, aside from locating all of the computer's through Active Directory or through our Symantec AV Console, to identify which computer's have a user in the Administrators group that doesn't belong there. I can identify that part if I can just see a list of that group for each of the PC's. I just don't care to do this manually.

Any thoughts?
I would never ask a person to do something that I wouldn't do myself.

BC AdBot (Login to Remove)

 


#2 Eric RBA

Eric RBA
  • Topic Starter

  • Members
  • 252 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:State College, PA
  • Local time:11:13 AM

Posted 23 November 2009 - 04:23 PM

http://www.bleepingcomputer.com/forums/t/272149/locating-pcs-on-a-network-with-local-admin-users/
I would never ask a person to do something that I wouldn't do myself.

#3 Ken-in-West-Seattle

Ken-in-West-Seattle

  • Members
  • 518 posts
  • OFFLINE
  •  
  • Local time:09:13 AM

Posted 23 November 2009 - 05:42 PM

Yes it really is that complex. I don't have the resources to figure it out for ya since I don't work for a regional ISP anymore or a corporation that will let me play with their AD servers and tools.

There probably are specific tools for what you want and they are probably priced prohibitively which is why the problem was dumped on you.

I have used scripting to create temporary flat files that can be searched for router interface info using a variety of unix tools in the past and even grep in its crudest form can find specific strings. The hard part is collecting the data and putting it in whatever form will yield useful data for your particular task.

I don't have the resources to even guess at that.

Anything you can read in a terminal can be used by a script.

Anything that can be identified by a string that does not contain control codes (or control codes that can't be escaped in the string) can be searched for.

Crafting grep searches so they also return identifying date as to which machine the user is on may be where the complexity gets out of hand. Sed and awk and their decedents might help massage the data and VI macros can do amazing things.

So If there was an easy answer you might have had one by now.

#4 Ken-in-West-Seattle

Ken-in-West-Seattle

  • Members
  • 518 posts
  • OFFLINE
  •  
  • Local time:09:13 AM

Posted 23 November 2009 - 06:31 PM

ok I broke down and used google for ya.

http://blog.tech-cats.com/2007/09/querying...hrough-sql.html
http://blog.tech-cats.com/2007/11/getting-...led-active.html

if you know the string to query in AD to determine the local user with admin rights (or whatever it is your looking for), you should be able to substitute the string for the one used to find enabled/disabled users.

I have not managed an AD server since several versions back so I have no way to test this. You would have to set up SQL on something.

I don't have any current knowledge but I think servers managed by AD don't have any local users. Maybe that's just those configured as domain controllers.

Anyway it is a starting place.

#5 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,946 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:12:13 PM

Posted 23 November 2009 - 07:26 PM

I am merging this topic to your original topic to avoid confusion all around. ~ OB
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users