Find out domain account with Local Admin Privilege

- August 23, 2011

hi,

there users whos domain id's member of computers local administrators group, change settings, install unwanted softwares etc. have find out users , need remove them local administrator group. can 1 suggest how can find out users.

raju

please check if there goup policy uses restricted goups let these domain users member of local admin group , don't have local admin accounts.

i recommand post in "the official scripting guys forum!" give script determines local admin group members , register output in text file. once done, can deploy script using group policies logon scripts , collect text files.

i found poweshell script:

function get-localgroupmembers ([string]$localcomputername, [string]$localgroupname) {
$groupobj =[adsi]"winnt://$localcomputername/$localgroupname"
$localmembers = @($groupobj.psbase.invoke("members"))
$localmembers | foreach {$_.gettype().invokemember("adspath","getproperty",$null,$_,$null)}

where should change $localcomputer computer name , $localgroupname local administrator group name.

you can save output in text file.

this link should help.

posting provided "as is" no warranties or guarantees , , confers no rights.

microsoft student partner
microsoft certified professional
microsoft certified systems administrator: security
microsoft certified systems engineer: security
microsoft certified technology specialist: windows server 2008 active directory, configuration
microsoft certified technology specialist: windows server 2008 network infrastructure, configuration

Windows Server > Management

Search This Blog

Combine

Find out domain account with Local Admin Privilege

Comments

Post a Comment

Popular posts from this blog

2008 Windows Deployment Server Properties Error

Can no longer user MS Update - Files required to use Microsoft Update are no longer registered

How do a find data in one file, search for it in another file and if not found, write a custom message to another file