Security Basics mailing list archives

Re: Local Administrators


From: "Administrator" <administrator () arciris co uk>
Date: Wed, 31 Dec 2003 11:37:24 -0000

John:

How about "net localgroup administrators" at a command prompt

It doesn't include the local computername in the output, which is
unfortunate, so I would recommend also running a "net config workstation"
and capturing the output of both these commands to a file using
command-line redirection.

If your client machines are part of a Windows domain, these commands might
be embedded into a login script to execute on all client machines next time
they log in. This login script could execute these two commands, and
redirect the output to a common shared file on your network somewhere.
Something like:

net config workstation >> \\computer\share\filename
net localgroup administrators >> \\computer\share\filename

It's then just a matter of waiting for a couple of days (or however long
needed to be sure all your client machines have logged out and in at least
once) then collating the information in this common shared file (probably
easier said than done)

*** N.B. Bear in mind that to automate this task in this way does mean that
the local user may be able to cheat the output: for the login script to be
able to write to the file, the logged on user must have write permission to
the file - if they were so inclined, and if they realised what had been
done, they may be able to track down the file, and manually edit it.

I hope this helps.

Kind regards.
Duncan Gray


----- Original Message -----
From: "Van Meter, John" <John.VanMeter () ost dot gov>
To: <security-basics () securityfocus com>
Sent: Tuesday, December 30, 2003 10:46 AM
Subject: Local Administrators


Is there an easy way to find out what users are in the local admin group?
The workstations are Win2k Pro SP4, I was thinking about using adduser from
the resource kit, but it takes several lines of code to do it that way.

Thank You
John van Meter
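
Added example, not part of the original thread: one way to do the collation step the reply describes, turning the shared file into a per-computer list of local Administrators members and flagging anything outside an expected baseline. It assumes English-locale `net` output and that each logon appends its two blocks contiguously; `collate`, `unexpected`, the host names and the baseline are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of the shared file after two logons (English-locale
# layout assumed; trimmed to the kinds of lines the parser has to handle).
SAMPLE = r"""Computer name                        \\WS01
User name                            jsmith
The command completed successfully.

Alias name     administrators
Members

-------------------------------------------------------------------------------
Administrator
EXAMPLE\Domain Admins
The command completed successfully.

Computer name                        \\WS02
The command completed successfully.

Alias name     administrators
Members

-------------------------------------------------------------------------------
Administrator
EXAMPLE\Domain Admins
EXAMPLE\akhan
The command completed successfully.
"""

def collate(text):
    """Map computer name -> set of local Administrators members."""
    admins = defaultdict(set)
    computer, in_members = None, False
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"Computer name\s+\\\\(\S+)", line)
        if m:                                  # start of a "net config workstation" block
            computer, in_members = m.group(1), False
        elif line.startswith("The command completed"):
            in_members = False                 # end of either block
        elif set(line) == {"-"}:               # dashed rule precedes the member list
            in_members = computer is not None  # skip member lists with no known host
        elif in_members and line:
            admins[computer].add(line)         # repeat logons merge into one set
    return dict(admins)

def unexpected(admins, baseline):
    """Per computer, members that are not in the expected baseline set."""
    return {pc: sorted(m - baseline) for pc, m in admins.items() if m - baseline}
```

Because the logged-on user can write to the shared file, a clean result from this report is not proof that a machine has no extra administrators.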

