Security Basics mailing list archives
FW: Local Administrators
From: "Boyer, G. T. IT2 ISSM Office" <boyerg () enterprise navy mil>
Date: Wed, 31 Dec 2003 03:20:04 -0500
-----Original Message----- From: Boyer, G. T. IT2 ISSM Office Sent: Wednesday, December 31, 2003 3:19 AM To: 'Van Meter, John' Subject: RE: Local Administrators perl win32 perl programming... the below i threw together to get who i disabled and when they last logged...etc. this link is to roth consulting which has more on what you are looking for http://www.roth.net/perl/scripts/scripts.asp?UrAudit.pl not the cleanest code but it works #!E:\perl\bin -w use strict; use Win32; use Win32::AdminMisc; my $PDC = ""; my $Domain = ""; my %Userinfo; my $Attribs; my @User; #open(INFILE, "<new.txt") or die $! ; open(OUTFILE, ">>Disabled.txt") or die $!; Win32::AdminMisc::GetUsers($PDC,"",\@User) or die $!; foreach my $User (@User) { ; chomp $User; if( Win32::AdminMisc::UserGetMiscAttributes("", $User, \%Userinfo)) { my $Laston = localtime($Userinfo{USER_LAST_LOGON}); my $account_disabled = $Userinfo{USER_FLAGS} & UF_ACCOUNTDISABLE; my $Comment = $Userinfo{USER_COMMENT}; my @info =($User, "~", $Comment, "~","Last Logged On", $Laston); if ($account_disabled == 2) { print OUTFILE "@info \n"; } } else {print print "Error retrieving user info for $User in $Domain.\n"; print "Win32 Error message: "; print Win32::FormatMessage( Win32::GetLastError() ) ; print "\n";} } close (OUTFILE); -----Original Message----- From: Van Meter, John [mailto:John.VanMeter () ost dot gov] Sent: Tuesday, December 30, 2003 1:11 PM To: security-basics () securityfocus com Subject: RE: Local Administrators Thank you all for the info, but I should have said that I have 1000 workstation to collect the local admin from, that is why I've been trying to come up with a script to pull the info from. Sorry John -----Original Message----- From: Jacob McMaster [mailto:jmcmaster () appliedsystems com] Sent: Tuesday, December 30, 2003 12:59 PM To: Van Meter, John; security-basics () securityfocus com Subject: RE: Local Administrators Right click on my computer, goto manage, then chose local users and groups, then groups, and dbl click administrator's, and the users listed is what you want -----Original Message----- From: Van Meter, John [mailto:John.VanMeter () ost dot gov] Sent: Tuesday, December 30, 2003 4:47 AM To: security-basics () securityfocus com Subject: Local Administrators Is there an easy way to find out what users are in the local admin group? The workstations are Win2k Pro SP4, I was thinking about using adduser from the resource kit, but it takes several lines of code to do it that way. Thank You John van Meter --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Local Administrators Van Meter, John (Dec 30)
- Re: Local Administrators Administrator (Dec 31)
- RE: Local Administrators Simon and Sara Zuckerbraun (Dec 31)
- <Possible follow-ups>
- RE: Local Administrators Jacob McMaster (Dec 30)
- RE: Local Administrators Van Meter, John (Dec 30)
- RE: Local Administrators Joey Peloquin (Dec 31)
- Re: Local Administrators Anthony Smith (Dec 31)
- Re: Local Administrators Ansgar -59cobalt- Wiechers (Dec 31)
- Re: Local Administrators bo . berlas (Dec 31)
- FW: Local Administrators Boyer, G. T. IT2 ISSM Office (Dec 31)