Here is a quick and dirty Perl script that I use to scan my machines for
members of the local admins and power users group.
It takes a list of computer names as input but it could be easily
modified to scan by subnet.
************************************************************************
****
use Win32::NetAdmin;
system ("cls");
open (MACHINEFILE, "machines.txt");
@Machines=<MACHINEFILE>;
close (MACHINEFILE);
open (OUTFILE, ">localadmins.csv");
print OUTFILE "Machine\,Administrators Group\,Power Users Group\n";
foreach $Machine(@Machines){
chomp $Machine;
if (`ping -n 1 -l 1 $Machine` =~ /Reply/){
print OUTFILE "$Machine\,";
Win32::NetAdmin::LocalGroupGetMembers($Machine,
'Administrators', \@admins) || die "$^E\n";
foreach $user(@admins){
print OUTFILE "$user\:" unless ($user =~
/administrator|domain admins/i);
}
print OUTFILE "\,";
Win32::NetAdmin::LocalGroupGetMembers($Machine, 'Power
Users', \@pusers) || die "$^E\n";
foreach $user(@pusers){
print OUTFILE "$user\:" unless ($user =~
/administrator|domain admins/i);
}
print OUTFILE "\n";
}else{
print OUTFILE "$Machine\,Down\n";
}
}
close OUTFILE;
************************************************************************
****
Good luck,
Jason
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Tinu Koshy (CISD)
Sent: Monday, July 23, 2007 11:51 PM
To: security-basics@securityfocus.com
Subject: Administrators & Power Users
Greetings List,
I have an environment where too many people are local administrators or
power users on their PCs. I was looking at a tool which might scan the
network (by subnet) to tell me the admin & power user groups on PCs.
It could even be a remote registry scan tool but please let me know
which registry value I must look into.
Thanks & Regards,
Tinu Koshy
