Security Basics mailing list archives
RE: Administrators & Power Users
From: "Tinu Koshy (CISD)" <tkoshy () adco ae>
Date: Thu, 26 Jul 2007 17:46:50 +0400
Thanks Jason. It works perfectly well. Regards, Tinu Koshy -----Original Message----- From: Weir, Jason [mailto:jason.weir () nhrs org] Sent: Thursday, July 26, 2007 4:20 PM To: Tinu Koshy (CISD) Subject: RE: Administrators & Power Users On lines 18 and 23 replace the word "die" with "print". That should let the script continue past non-windows machines. Let me know it that helps.. -Jason -----Original Message----- From: Tinu Koshy (CISD) [mailto:tkoshy () adco ae] Sent: Thursday, July 26, 2007 8:17 AM To: Weir, Jason Subject: RE: Administrators & Power Users Dear Jason, Thanks for the script. I think it is fantastic but for one issue i.e if I add a list of IP addresses & one of them happens to be a non-windows Machine, the script does not move beyond that IP. My attempt is to scan subnets coz I don't trust the asset management software run by our Helpdesk. I was just hoping if you would know a fix to this problem. Regards, Tinu Koshy -----Original Message----- From: Weir, Jason [mailto:jason.weir () nhrs org] Sent: Tuesday, July 24, 2007 10:12 PM To: Tinu Koshy (CISD); security-basics () securityfocus com Subject: RE: Administrators & Power Users Here is a quick and dirty Perl script that I use to scan my machines for members of the local admins and power users group. It takes a list of computer names as input but it could be easily modified to scan by subnet. ************************************************************************ **** use Win32::NetAdmin; system ("cls"); open (MACHINEFILE, "machines.txt"); @Machines=<MACHINEFILE>; close (MACHINEFILE); open (OUTFILE, ">localadmins.csv"); print OUTFILE "Machine\,Administrators Group\,Power Users Group\n"; foreach $Machine(@Machines){ chomp $Machine; if (`ping -n 1 -l 1 $Machine` =~ /Reply/){ print OUTFILE "$Machine\,"; Win32::NetAdmin::LocalGroupGetMembers($Machine, 'Administrators', \@admins) || die "$^E\n"; foreach $user(@admins){ print OUTFILE "$user\:" unless ($user =~ /administrator|domain admins/i); } print OUTFILE "\,"; Win32::NetAdmin::LocalGroupGetMembers($Machine, 'Power Users', \@pusers) || die "$^E\n"; foreach $user(@pusers){ print OUTFILE "$user\:" unless ($user =~ /administrator|domain admins/i); } print OUTFILE "\n"; }else{ print OUTFILE "$Machine\,Down\n"; } } close OUTFILE; ************************************************************************ **** Good luck, Jason -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Tinu Koshy (CISD) Sent: Monday, July 23, 2007 11:51 PM To: security-basics () securityfocus com Subject: Administrators & Power Users Greetings List, I have an environment where too many people are local administrators or power users on their PCs. I was looking at a tool which might scan the network (by subnet) to tell me the admin & power user groups on PCs. It could even be a remote registry scan tool but please let me know which registry value I must look into. Thanks & Regards, Tinu Koshy =========================================================== Disclaimer: The information in this email and in any files Transmitted with it is intended only for the addressee and may contain confidential and/or privileged material. Access to this email by anyone other than the intended recipient is unauthorized. If you receive this in error, please contact the sender immediately and delete the material from any computer. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is strictly prohibited and Abu Dhabi Company For Onshore Oil Operations (ADCO) is not responsible for any consequence from such unauthorized usage. Statement and opinions expressed in this e-mail are those of the sender, and do not necessarily reflect those of Abu Dhabi Company For Onshore Oil Operations (ADCO). =========================================================== Disclaimer: The information in this email and in any files Transmitted with it is intended only for the addressee and may contain confidential and/or privileged material. Access to this email by anyone other than the intended recipient is unauthorized. If you receive this in error, please contact the sender immediately and delete the material from any computer. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is strictly prohibited and Abu Dhabi Company For Onshore Oil Operations (ADCO) is not responsible for any consequence from such unauthorized usage. Statement and opinions expressed in this e-mail are those of the sender, and do not necessarily reflect those of Abu Dhabi Company For Onshore Oil Operations (ADCO).
Current thread:
- RE: Administrators & Power Users Tinu Koshy (CISD) (Jul 26)
- Latest Trend in IT Security Razali, Reyna (Jul 27)