RE: Administrators & Power Users

["Weir, Jason" <jason.weir () nhrs org>]

Here is a quick and dirty Perl script that I use to scan my machines for
members of the local admins and power users group.

It takes a list of computer names as input but it could be easily
modified to scan by subnet.

************************************************************************
****

use Win32::NetAdmin;

system ("cls");

open (MACHINEFILE, "machines.txt");
@Machines=<MACHINEFILE>;
close (MACHINEFILE);

open (OUTFILE, ">localadmins.csv");

print OUTFILE "Machine\,Administrators Group\,Power Users Group\n";


foreach $Machine(@Machines){
        chomp $Machine;
        if (`ping -n 1 -l 1 $Machine` =~ /Reply/){
                print OUTFILE "$Machine\,";
                Win32::NetAdmin::LocalGroupGetMembers($Machine,
'Administrators', \@admins) || die "$^E\n";
                foreach $user(@admins){
                        print OUTFILE "$user\:" unless ($user =~
/administrator|domain admins/i);
                }
                print OUTFILE "\,";
                Win32::NetAdmin::LocalGroupGetMembers($Machine, 'Power
Users', \@pusers) || die "$^E\n";
                foreach $user(@pusers){
                        print OUTFILE "$user\:" unless ($user =~
/administrator|domain admins/i);
                }
                print OUTFILE "\n";

        }else{
                print OUTFILE "$Machine\,Down\n";
        }       
}
close OUTFILE;

************************************************************************
****

Good luck,
Jason

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Tinu Koshy (CISD)
Sent: Monday, July 23, 2007 11:51 PM
To: security-basics () securityfocus com
Subject: Administrators & Power Users


Greetings List,

I have an environment where too many people are local administrators or
power users on their PCs. I was looking at a tool which might scan the
network (by subnet) to tell me the admin & power user groups on PCs.

It could even be a remote registry scan tool but please let me know
which registry value I must look into.

Thanks & Regards,
Tinu Koshy