Security Basics mailing list archives

RE: Administrators & Power Users

From: "Tinu Koshy (CISD)" <tkoshy () adco ae>
Date: Thu, 26 Jul 2007 17:46:50 +0400

Thanks Jason. It works perfectly well.

Regards,
Tinu Koshy

-----Original Message-----
From: Weir, Jason [mailto:jason.weir () nhrs org] 
Sent: Thursday, July 26, 2007 4:20 PM
To: Tinu Koshy (CISD)
Subject: RE: Administrators & Power Users

On lines 18 and 23 replace the word "die" with "print".

That should let the script continue past non-windows machines.

Let me know it that helps..

-Jason 

-----Original Message-----
From: Tinu Koshy (CISD) [mailto:tkoshy () adco ae] 
Sent: Thursday, July 26, 2007 8:17 AM
To: Weir, Jason
Subject: RE: Administrators & Power Users


Dear Jason,

Thanks for the script. I think it is fantastic but for one issue i.e if
I add a list of IP addresses & one of them happens to be a non-windows
Machine, the script does not move beyond that IP.

My attempt is to scan subnets coz I don't trust the asset management
software run by our Helpdesk.

I was just hoping if you would know a fix to this problem.

Regards,
Tinu Koshy

-----Original Message-----
From: Weir, Jason [mailto:jason.weir () nhrs org] 
Sent: Tuesday, July 24, 2007 10:12 PM
To: Tinu Koshy (CISD); security-basics () securityfocus com
Subject: RE: Administrators & Power Users

Here is a quick and dirty Perl script that I use to scan my machines for
members of the local admins and power users group.

It takes a list of computer names as input but it could be easily
modified to scan by subnet.

************************************************************************
****

use Win32::NetAdmin;

system ("cls");

open (MACHINEFILE, "machines.txt");
@Machines=<MACHINEFILE>;
close (MACHINEFILE);

open (OUTFILE, ">localadmins.csv");

print OUTFILE "Machine\,Administrators Group\,Power Users Group\n";


foreach $Machine(@Machines){
        chomp $Machine;
        if (`ping -n 1 -l 1 $Machine` =~ /Reply/){
                print OUTFILE "$Machine\,";
                Win32::NetAdmin::LocalGroupGetMembers($Machine,
'Administrators', \@admins) || die "$^E\n";
                foreach $user(@admins){
                        print OUTFILE "$user\:" unless ($user =~
/administrator|domain admins/i);
                }
                print OUTFILE "\,";
                Win32::NetAdmin::LocalGroupGetMembers($Machine, 'Power
Users', \@pusers) || die "$^E\n";
                foreach $user(@pusers){
                        print OUTFILE "$user\:" unless ($user =~
/administrator|domain admins/i);
                }
                print OUTFILE "\n";

        }else{
                print OUTFILE "$Machine\,Down\n";
        }       
}
close OUTFILE;

************************************************************************
****

Good luck,
Jason

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Tinu Koshy (CISD)
Sent: Monday, July 23, 2007 11:51 PM
To: security-basics () securityfocus com
Subject: Administrators & Power Users


Greetings List,

I have an environment where too many people are local administrators or
power users on their PCs. I was looking at a tool which might scan the
network (by subnet) to tell me the admin & power user groups on PCs.

It could even be a remote registry scan tool but please let me know
which registry value I must look into.

Thanks & Regards,
Tinu Koshy
===========================================================
Disclaimer: The information in this email and in any files Transmitted
with it is intended only for the addressee and may contain confidential
and/or privileged material. Access to this email by anyone other than
the intended recipient is unauthorized. If you receive this in error,
please contact the sender immediately and delete the material from any
computer.  If you are not the intended recipient, any disclosure,
copying, distribution or any action taken or omitted to be taken in
reliance on it, is strictly prohibited and Abu Dhabi Company For Onshore
Oil Operations (ADCO) is not responsible for any consequence from such
unauthorized usage.  Statement and opinions expressed in this e-mail are
those of the sender, and do not necessarily reflect those of Abu Dhabi
Company For Onshore Oil Operations (ADCO).
===========================================================
Disclaimer: The information in this email and in any files Transmitted with it is intended only for the addressee and 
may contain confidential and/or privileged material. Access to this email by anyone other than the intended recipient 
is unauthorized. If you receive this in error, please contact the sender immediately and delete the material from any 
computer.  If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted 
to be taken in reliance on it, is strictly prohibited and Abu Dhabi Company For Onshore Oil Operations (ADCO) is not 
responsible for any consequence from such unauthorized usage.  Statement and opinions expressed in this e-mail are 
those of the sender, and do not necessarily reflect those of Abu Dhabi Company For Onshore Oil Operations (ADCO).
Current thread:

RE: Administrators & Power Users Tinu Koshy (CISD) (Jul 26)
- Latest Trend in IT Security Razali, Reyna (Jul 27)