robbyc
05-04-2006, 01:17 AM
Hi, I have written the following script so I can tell which users have been given local admin rights to their machines. It works, but I was wondering whether it could be written so it works faster, or whether there is an easier way to achieve this, i.e. having a file with the user names of administrators in rather than individual files for each one.
Anyway, any suggestions will be greatly appreciated.

On Error Resume Next

Set network = WScript.CreateObject("WScript.Network")
Set fs = CreateObject("Scripting.FileSystemObject")
strUser = network.UserName
strComputer = network.ComputerName

' WMI object paths of the two local groups and of the domain user,
' in the form they take in Win32_GroupUser associations
strLocalAdmin = "\\" & strComputer & "\root\cimv2:Win32_Group.Domain=" & Chr(34) & strComputer & Chr(34) & ",Name=" & Chr(34) & "Administrators" & Chr(34)
strLocalNetCon = "\\" & strComputer & "\root\cimv2:Win32_Group.Domain=" & Chr(34) & strComputer & Chr(34) & ",Name=" & Chr(34) & "Network Configuration Operators" & Chr(34)
strLocalUser = "\\" & strComputer & "\root\cimv2:Win32_UserAccount.Domain=" & Chr(34) & "MYDOMAIN" & Chr(34) & ",Name=" & Chr(34) & strUser & Chr(34)
strLocalUser = LCase(strLocalUser)

Const wbemFlagReturnImmediately = &h10
Const wbemFlagForwardOnly = &h20

' Enumerate every group/member association on this machine
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_GroupUser", "WQL", wbemFlagReturnImmediately + wbemFlagForwardOnly)

For Each objItem In colItems
    ' Logged-on user is a member of the local Administrators group
    If StrComp(objItem.GroupComponent, strLocalAdmin) = 0 And StrComp(LCase(objItem.PartComponent), strLocalUser) = 0 Then
        ' Replace any earlier file for this user with one naming this machine
        If fs.FileExists("\\aserver\LocalRights\Admin\" & strUser & ".txt") Then
            Set f = fs.GetFile("\\aserver\LocalRights\Admin\" & strUser & ".txt")
            f.Delete
            Set f = Nothing
        End If
        Set f = fs.CreateTextFile("\\aserver\LocalRights\Admin\" & strUser & ".txt", True)
        f.WriteLine(network.ComputerName)
        f.Close
        Set f = Nothing
    End If
    ' Logged-on user is a member of the local Network Configuration Operators group
    If StrComp(objItem.GroupComponent, strLocalNetCon) = 0 And StrComp(LCase(objItem.PartComponent), strLocalUser) = 0 Then
        If fs.FileExists("\\aserver\LocalRights\NetCon\" & strUser & ".txt") Then
            Set f = fs.GetFile("\\aserver\LocalRights\NetCon\" & strUser & ".txt")
            f.Delete
            Set f = Nothing
        End If
        Set f = fs.CreateTextFile("\\aserver\LocalRights\NetCon\" & strUser & ".txt", True)
        f.WriteLine(network.ComputerName)
        f.Close
        Set f = Nothing
    End If
Next

The way it works at the moment is that if the domain user account is in the local administrators account or network configurators account, the script writes a file to the correct folder, either admin or net con. The name of the file is the user name and the contents of the file is the machine name. This script runs on user log in.
I would prefer if I had a single file for each, but would not know how to check if I had already logged a user or not, hence having a file full of duplicates.
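
Added example, not part of robbyc's post: one way to keep a single de-duplicated file per group, as the post asks. It swaps the Win32_GroupUser enumeration for the ADSI WinNT provider, which asks one local group about one account, and it assumes the file names Admin.txt and NetCon.txt (hypothetical) on the share named in the post.

```vbscript
Option Explicit

Const ForReading = 1, ForAppending = 8
Const LOG_ROOT = "\\aserver\LocalRights\"   ' share from the original post
Const USER_DOMAIN = "MYDOMAIN"              ' domain placeholder from the original post

Dim network, fs, strUser, strComputer
Set network = CreateObject("WScript.Network")
Set fs = CreateObject("Scripting.FileSystemObject")
strUser = network.UserName
strComputer = network.ComputerName

' Admin.txt and NetCon.txt are assumed names for the two combined logs
LogIfMember "Administrators", LOG_ROOT & "Admin.txt"
LogIfMember "Network Configuration Operators", LOG_ROOT & "NetCon.txt"

' Record "user,computer" when the domain user is a direct member of the local group.
Sub LogIfMember(strGroup, strLogFile)
    Dim objGroup
    On Error Resume Next
    Set objGroup = GetObject("WinNT://" & strComputer & "/" & strGroup & ",group")
    If Err.Number <> 0 Then Exit Sub        ' group does not exist on this machine
    On Error GoTo 0
    If objGroup.IsMember("WinNT://" & USER_DOMAIN & "/" & strUser) Then
        AppendOnce strLogFile, LCase(strUser & "," & strComputer)
    End If
End Sub

' Append strEntry unless an identical line is already in the file.
Sub AppendOnce(strLogFile, strEntry)
    Dim ts
    If fs.FileExists(strLogFile) Then
        Set ts = fs.OpenTextFile(strLogFile, ForReading)
        Do Until ts.AtEndOfStream
            If LCase(Trim(ts.ReadLine)) = strEntry Then
                ts.Close
                Exit Sub                    ' already logged, nothing to write
            End If
        Loop
        ts.Close
    End If
    Set ts = fs.OpenTextFile(strLogFile, ForAppending, True)
    ts.WriteLine strEntry
    ts.Close
End Sub
```

IsMember reports direct membership only, which matches what the Win32_GroupUser comparison in the post detects. A single shared file is also a point of contention when many users log on at once, which the one-file-per-user layout avoids.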