Home page logo

pen-test logo Penetration Testing mailing list archives

Re: User group tool
From: John Skinner <john.skinner () vanderbilt edu>
Date: Thu, 14 Sep 2006 22:12:34 -0500

To get a list of all users in the admin group...

hostname >> c:\output.txt
time /t >> c:\output.txt
date /t >> c:\output.txt
net localgroup administrators | find /v "Alias" | find /v "Comment" | find
/v "-" | find /v "Members" | find /v "The command" >> c:\output.txt
echo ****************************** >> c:\output.txt

Copy above into a.BAT or .CMD file, then use a Windows GPO or login script
to run it on all your computers.

You can change the path to the file it writes and make it on a network share
of your server.

If you want to delete all the users out of the Administrators group except
only the ones you specify, you can write a GPO for this by configuring the
this in the policy...

Computer Configuration/Windows Settings/Security Settings/Restricted Groups
add a group named "Administrators" and configure it to have only the user
accounts you want (if domain accounts, add as DOMAIN\username) and what
groups to be in.

John Skinner
Computer Systems Administrator
Vanderbilt University

-----Original Message-----
On 9/14/06, Bud Gordon <bud.gordon () hughes net> wrote:
I am looking for a tool or script that will let me ferret out users that
are members of the admin group (preferably from a command line).  I have
google'd and use pwdump for lists etc; I also use net user and net group
to show me the users and groups, but I need to see who is admin.


Thank you!!

This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]