Generate Local Admin report on Machines

I got email from client that they needs to find out users that have local administration rights on machine

The customer is using SCCM 2007 infrastructre also in the enviornment , so I researched on  internet weather it is possible to do this via SCCM.

Yes, its possible… I found from some forum that its possible by modifying sms_def.mof file & running vb script on client side using packaging.

Here are the steps:

1.  Edit inboxes\clifiles.src\hinv\sms_def.mof.  At the very bottom, add these lines.

[ SMS_Report (TRUE),SMS_Group_Name (“LocalAdmins”),SMS_Class_ID (“MICROSOFT|LocalAdmins|1.0”)]
class Win32_LocalAdmins : SMS_Class_Template
{
[SMS_Report(TRUE), key] string AccountName;
[SMS_Report(TRUE), key] string GroupName;
};

2.  Run this Vb script on client end using packaging

On Error Resume Next
'1 Create temporary .mof file in Temp folder
'2 mofcomp the created .mof file
'Kudos to Mike Seely-->http://www.myitforum.com/forums/Local_Admins_MOF/m_179546/tm.htm
'and of course Ward Lange, and report structure from Gavin Ross & Claudio Dhondt-->
'http://www.myitforum.com/forums/m_149305/tm.htm#149662
'6/8/08 Sherry Kissinger
Set fso = CreateObject("Scripting.FileSystemObject")
Set nwo = CreateObject("Wscript.Network")
Set sho = CreateObject("Wscript.Shell")
TempFolder = sho.ExpandEnvironmentStrings("%temp%")
strWindir = sho.ExpandEnvironmentStrings("%windir%")
Set f1 = fso.CreateTextFile(TempFolder & "\SMSLocalAdmin.mof",True)
f1.WriteLine("#pragma namespace ("&Chr(34)&"\\\\.\\root\\cimv2"&chr(34)&")")
f1.WriteLine("[union, ViewSources{"&chr(34)&"Select * from Win32_GroupUser where " &_
    "GroupComponent=\"&chr(34)&"Win32_Group.Domain='"&nwo.ComputerName&_
    "',Name='Administrators'\"&Chr(34)&Chr(34)&_
    "},ViewSpaces{"&Chr(34)&"\\\\.\\root\\CIMV2"&Chr(34)&"}, Dynamic : ToInstance, provider("&_
    Chr(34)&"MS_VIEW_INSTANCE_PROVIDER"&CHR(34)&")]")
f1.WriteLine("class Win32_LocalAdmins")
f1.WriteLine("{")
f1.WriteLine("[PropertySources("&chr(34)&"PartComponent"&chr(34)&"), key] Win32_Account ref AccountName;")
f1.WriteLine("[PropertySources("&chr(34)&"GroupComponent"&chr(34)&"), key] Win32_Group ref GroupName;")
f1.WriteLine("};")
f1.Close
sho.Run strWindir & "\system32\wbem\mofcomp " & TempFolder & "\SMSLocalAdmin.mof",0,True
Set f1 = fso.getFile(TempFolder & "\smslocaladmin.mof")
f1.Delete
wscript.quit
3. You can create a seprate collection if required
select SMS_R_SYSTEM.ResourceID
from SMS_R_System 
where 
SMS_R_System.ResourceId not in 
 (select SMS_R_System.ResourceId 
  from  SMS_R_System 
  inner join SMS_G_System_LOCALADMINS on SMS_G_System_LOCALADMINS.ResourceID = SMS_R_System.ResourceId 
  where SMS_G_System_LOCALADMINS.AccountName is not null)
4. Create a report with follwing sql commands
select distinct Name0 as 'Computer Name', substring(AccountName0,charindex('Domain=',Accountname0)+8,(charindex('Name=',Accountname0)-charindex('Domain=',Accountname0)-10)) as 'Domain Name', substring(AccountName0,len(AccountName0)-charindex('"',reverse(AccountName0),2)+2,charindex('"',reverse(AccountName0),2)-2) as 'User Name' 
from v_GS_SYSTEM INNER JOIN v_GS_LocalAdmins ON v_GS_SYSTEM.ResourceID = v_GS_LocalAdmins.ResourceID where (AccountName0 not like '%Administrator%' AND AccountName0 not like '%Domain Admins%')

After you run this report you will get the local administration report in proper format.
Thanks to the scripting guy who created it..
Advertisements

3 thoughts on “Generate Local Admin report on Machines

  1. After study just a few of the weblog posts in your website now, and I truly like your way of blogging. I bookmarked it to my bookmark website listing and will probably be checking again soon. Pls check out my web site as effectively and let me know what you think.

  2. After I initially commented I clicked the -Notify me when new feedback are added- checkbox and now every time a comment is added I get four emails with the identical comment. Is there any approach you’ll be able to remove me from that service? Thanks!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s