Security Basics mailing list archives

FW: Local Administrators


From: "Boyer, G. T. IT2 ISSM Office" <boyerg () enterprise navy mil>
Date: Wed, 31 Dec 2003 03:20:04 -0500



-----Original Message-----
From: Boyer, G. T. IT2 ISSM Office 
Sent: Wednesday, December 31, 2003 3:19 AM
To: 'Van Meter, John'
Subject: RE: Local Administrators


Perl

Win32 Perl programming... the below I threw together to get who I disabled
and when they last logged... etc.
This link is to Roth Consulting, which has more on what you are looking for:
http://www.roth.net/perl/scripts/scripts.asp?UrAudit.pl

Not the cleanest code, but it works.

#!E:\perl\bin -w
use strict;
use Win32;
use Win32::AdminMisc;

my $PDC = "";       # server to enumerate accounts from
my $Domain = "";    # domain to read account attributes from
my %Userinfo;
my $Attribs;
my @User;

#open(INFILE, "<new.txt") or die $!;
open(OUTFILE, ">>Disabled.txt") or die $!;

# Collect every account name into @User
Win32::AdminMisc::GetUsers($PDC, "", \@User) or die $!;

foreach my $User (@User) {
    chomp $User;

    if (Win32::AdminMisc::UserGetMiscAttributes($Domain, $User, \%Userinfo)) {
        my $Laston = localtime($Userinfo{USER_LAST_LOGON});
        # UF_ACCOUNTDISABLE is 0x0002, so the masked value is 2 when disabled
        my $account_disabled = $Userinfo{USER_FLAGS} & UF_ACCOUNTDISABLE;
        my $Comment = $Userinfo{USER_COMMENT};
        my @info = ($User, "~", $Comment, "~", "Last Logged On", $Laston);

        # Only disabled accounts are written to Disabled.txt
        if ($account_disabled == 2) {
            print OUTFILE "@info \n";
        }
    }
    else {
        print "Error retrieving user info for $User in $Domain.\n";
        print "Win32 Error message: ";
        print Win32::FormatMessage( Win32::GetLastError() );
        print "\n";
    }
}

close(OUTFILE);


-----Original Message-----
From: Van Meter, John [mailto:John.VanMeter () ost dot gov]
Sent: Tuesday, December 30, 2003 1:11 PM
To: security-basics () securityfocus com
Subject: RE: Local Administrators



Thank you all for the info, but I should have said that I have 1000
workstations to collect the local admin from; that is why I've been trying to
come up with a script to pull the info from.

Sorry
John
-----Original Message-----
From: Jacob McMaster [mailto:jmcmaster () appliedsystems com]
Sent: Tuesday, December 30, 2003 12:59 PM
To: Van Meter, John; security-basics () securityfocus com
Subject: RE: Local Administrators


Right-click on My Computer, go to Manage, then choose Local Users and Groups,
then Groups, and double-click Administrators, and the users listed are what you
want.

-----Original Message-----
From: Van Meter, John [mailto:John.VanMeter () ost dot gov]
Sent: Tuesday, December 30, 2003 4:47 AM
To: security-basics () securityfocus com
Subject: Local Administrators


Is there an easy way to find out what users are in the local admin group?
The workstations are Win2k Pro SP4, I was thinking about using adduser from
the resource kit, but it takes several lines of code to do it that way. 

Thank You
John van Meter
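
An added example, not part of any message in this thread: one way to collect local Administrators membership from many workstations for review, using Win32::NetAdmin. The file names hosts.txt and LocalAdmins.txt, the allowlist entries, and the English group name "Administrators" are assumptions.

```perl
#!perl -w
# Added example: audit local Administrators membership across workstations.
use strict;
use Win32;
use Win32::NetAdmin;

# Assumptions (placeholders): hosts.txt holds one workstation name per line,
# and %expected lists the members you intend to be local admins everywhere.
my $hostfile = "hosts.txt";
my %expected = map { lc($_) => 1 } ("Administrator", "EXAMPLE\\Domain Admins");

open(my $in,  "<",  $hostfile)         or die "Cannot read $hostfile: $!";
open(my $out, ">>", "LocalAdmins.txt") or die "Cannot write LocalAdmins.txt: $!";

while (my $host = <$in>) {
    chomp $host;
    $host =~ s/^\s+|\s+$//g;                  # trim stray whitespace
    next if $host eq "" or $host =~ /^#/;     # skip blanks and comments

    my @members;
    # Fills @members with names qualified as DOMAIN\name.
    if (Win32::NetAdmin::LocalGroupGetMembersWithDomain(
            "\\\\$host", "Administrators", \@members)) {
        foreach my $member (sort @members) {
            # Drop the machine-name prefix so local accounts match the allowlist
            (my $short = $member) =~ s/^\Q$host\E\\//i;
            my $status = $expected{lc $short} ? "expected" : "REVIEW";
            print $out join("~", $host, $member, $status), "\n";
        }
    }
    else {
        # Record unreachable or denied hosts so they can be retried later
        my $err = Win32::FormatMessage(Win32::GetLastError());
        $err =~ s/\s+$//;
        print $out join("~", $host, "ERROR", $err), "\n";
    }
}

close($in);
close($out);
```

Lines marked REVIEW are members outside the allowlist; lines marked ERROR are hosts that could not be queried and still need to be checked.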

