Re: User group tool

[John Skinner <john.skinner () vanderbilt edu>]

To get a list of all users in the admin group...

hostname >> c:\output.txt
time /t >> c:\output.txt
date /t >> c:\output.txt
net localgroup administrators | find /v "Alias" | find /v "Comment" | find
/v "-" | find /v "Members" | find /v "The command" >> c:\output.txt
echo ****************************** >> c:\output.txt

Copy above into a.BAT or .CMD file, then use a Windows GPO or login script
to run it on all your computers.

You can change the path to the file it writes and make it on a network share
of your server.


If you want to delete all the users out of the Administrators group except
only the ones you specify, you can write a GPO for this by configuring the
this in the policy...

Computer Configuration/Windows Settings/Security Settings/Restricted Groups
add a group named "Administrators" and configure it to have only the user
accounts you want (if domain accounts, add as DOMAIN\username) and what
groups to be in.

-----------------
John Skinner
Computer Systems Administrator
Vanderbilt University


-----Original Message-----
On 9/14/06, Bud Gordon <bud.gordon () hughes net> wrote:
> I am looking for a tool or script that will let me ferret out users that
> are members of the admin group (preferably from a command line).  I have
> google'd and use pwdump for lists etc; I also use net user and net group
> to show me the users and groups, but I need to see who is admin.
>
> Thoughts?
>
> Thank you!!


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------