Friday, December 17, 2010

Generate Local Admin report on Machines

I got email from client that they needs to find out users that have local administration rights on machine

The customer is using SCCM 2007 infrastructre also in the enviornment , so I researched on  internet weather it is possible to do this via SCCM.

Yes, its possible... I found from some forum that its possible by modifying sms_def.mof file & running vb script on client side using packaging.

Here are the steps:

1.  Edit inboxes\clifiles.src\hinv\sms_def.mof.  At the very bottom, add these lines.

[ SMS_Report (TRUE),SMS_Group_Name ("LocalAdmins"),SMS_Class_ID ("MICROSOFT|LocalAdmins|1.0")]
class Win32_LocalAdmins : SMS_Class_Template
{
[SMS_Report(TRUE), key] string AccountName;
[SMS_Report(TRUE), key] string GroupName;
};

2.  Run this Vb script on client end using packaging
On Error Resume Next
'1 Create temporary .mof file in Temp folder
'2 mofcomp the created .mof file
'Kudos to Mike Seely-->http://www.myitforum.com/forums/Local_Admins_MOF/m_179546/tm.htm
'and of course Ward Lange, and report structure from Gavin Ross & Claudio Dhondt-->
'http://www.myitforum.com/forums/m_149305/tm.htm#149662
'6/8/08 Sherry Kissinger
Set fso = CreateObject("Scripting.FileSystemObject")
Set nwo = CreateObject("Wscript.Network")
Set sho = CreateObject("Wscript.Shell")
TempFolder = sho.ExpandEnvironmentStrings("%temp%")
strWindir = sho.ExpandEnvironmentStrings("%windir%")
Set f1 = fso.CreateTextFile(TempFolder & "\SMSLocalAdmin.mof",True)
f1.WriteLine("#pragma namespace ("&Chr(34)&"\\\\.\\root\\cimv2"&chr(34)&")")
f1.WriteLine("[union, ViewSources{"&chr(34)&"Select * from Win32_GroupUser where " &_
    "GroupComponent=\"&chr(34)&"Win32_Group.Domain='"&nwo.ComputerName&_
    "',Name='Administrators'\"&Chr(34)&Chr(34)&_
    "},ViewSpaces{"&Chr(34)&"\\\\.\\root\\CIMV2"&Chr(34)&"}, Dynamic : ToInstance, provider("&_
    Chr(34)&"MS_VIEW_INSTANCE_PROVIDER"&CHR(34)&")]")
f1.WriteLine("class Win32_LocalAdmins")
f1.WriteLine("{")
f1.WriteLine("[PropertySources("&chr(34)&"PartComponent"&chr(34)&"), key] Win32_Account ref AccountName;")
f1.WriteLine("[PropertySources("&chr(34)&"GroupComponent"&chr(34)&"), key] Win32_Group ref GroupName;")
f1.WriteLine("};")
f1.Close
sho.Run strWindir & "\system32\wbem\mofcomp " & TempFolder & "\SMSLocalAdmin.mof",0,True
Set f1 = fso.getFile(TempFolder & "\smslocaladmin.mof")
f1.Delete
wscript.quit
3. You can create a seprate collection if required
select SMS_R_SYSTEM.ResourceID
from SMS_R_System 
where 
SMS_R_System.ResourceId not in 
 (select SMS_R_System.ResourceId 
  from  SMS_R_System 
  inner join SMS_G_System_LOCALADMINS on SMS_G_System_LOCALADMINS.ResourceID = SMS_R_System.ResourceId 
  where SMS_G_System_LOCALADMINS.AccountName is not null)
4. Create a report with follwing sql commands
select distinct Name0 as 'Computer Name', substring(AccountName0,charindex('Domain=',Accountname0)+8,(charindex('Name=',Accountname0)-charindex('Domain=',Accountname0)-10)) as 'Domain Name', substring(AccountName0,len(AccountName0)-charindex('"',reverse(AccountName0),2)+2,charindex('"',reverse(AccountName0),2)-2) as 'User Name' 
from v_GS_SYSTEM INNER JOIN v_GS_LocalAdmins ON v_GS_SYSTEM.ResourceID = v_GS_LocalAdmins.ResourceID where (AccountName0 not like '%Administrator%' AND AccountName0 not like '%Domain Admins%')

After you run this report you will get the local administration report in proper format.
Thanks to the scripting guy who created it..

3 comments:

  1. After study just a few of the weblog posts in your website now, and I truly like your way of blogging. I bookmarked it to my bookmark website listing and will probably be checking again soon. Pls check out my web site as effectively and let me know what you think.

    ReplyDelete
  2. After I initially commented I clicked the -Notify me when new feedback are added- checkbox and now every time a comment is added I get four emails with the identical comment. Is there any approach you'll be able to remove me from that service? Thanks!

    ReplyDelete
  3. I've been following your blog since you started. You have made amazing progress. This site is an inspiration for all pursuing a long transition versus the big chop.

    - Rob

    ReplyDelete