How to Get the Content of the Local Administrators Group from an Config Mgr Client

This is a repost of some excellent work done by Sherry, Ed, and Ward that helped me greatly when faced with a "how soon can you do this" request from my managers. Can't wait to see the additional work that Sherry spoke about at MMS for doing this kind of thing for All local groups at the same time.

Report on Local Administrators Group Membership - Updated

Ward Lange's original MOF edit works great for Windows 2000 and Windows XP; but for Windows Server 2003 and Windows Vista, the "BUILTIN" needed to be replaced with the local computer's name.  Unfortunately, I have yet to hear of a way to use a dynamic variable in the MOF.

Mike Seely posted a script on the forum. With his permission I've used it to show a different method to gather the contents of the local Administrators group.

• Edit inboxes\clifiles.src\hinv\sms_def.mof.  At the very bottom, add these lines.  These are identical to Ward Lange's MOF edit, so if you've already implemented that one, no need to change anything.

[ SMS_Report (TRUE),SMS_Group_Name ("LocalAdmins"),SMS_Class_ID ("MICROSOFT|LocalAdmins|1.0")]

class Win32_LocalAdmins : SMS_Class_Template

{

[SMS_Report(TRUE), key] string AccountName;

[SMS_Report(TRUE), key] string GroupName;

};

• Do not add anything to Configuration.mof.  If you've previously implemented Ward Lange's, remove the section from configuration.mof.  If you are on SMS 2003 (not configMgr) and have already implemended Ward Lange's edit, you will want to remove the data section, leaving just the reporting section (the section above).
• Attached is a .txt file; rename it to .vbs.  Place it in a Source folder, and create a package/program for it, to run whether or not user logged in.  
• The Collection Query I suggest using for the advertisement is this, I'd set it to be recurring every few days so if a computer loses the WMI information somehow, it gets it back.

select SMS_R_SYSTEM.ResourceID

from SMS_R_System

where

SMS_R_System.ResourceId not in

(select SMS_R_System.ResourceId

 from  SMS_R_System

 inner join SMS_G_System_LOCALADMINS on SMS_G_System_LOCALADMINS.ResourceID = SMS_R_System.ResourceId

 where SMS_G_System_LOCALADMINS.AccountName is not null)

So, what does this combination do?  The sms_def.mof edit will set your hardware inventory policy to report on local administrators group membership.  The vbscript advertisement will create the WMI data entry using the computer name.  It doesn't really matter if configuration.mof built it or something else built it--once it's there, Hardware Inventory policy will be able to use it.

A sample report to use once you have this data:

select distinct Name0 as 'Computer Name', substring(AccountName0,charindex('Domain=',Accountname0)+8,(charindex('Name=',Accountname0)-charindex('Domain=',Accountname0)-10)) as 'Domain Name', substring(AccountName0,len(AccountName0)-charindex('"',reverse(AccountName0),2)+2,charindex('"',reverse(AccountName0),2)-2) as 'User Name'

from v_GS_SYSTEM INNER JOIN v_GS_LocalAdmins ON v_GS_SYSTEM.ResourceID = v_GS_LocalAdmins.ResourceID where (AccountName0 not like '%Administrator%' AND AccountName0 not like '%Domain Admins%')

Note 1: The vbscript specifically looks for members of the 'Administrators' group.  If you have alternate groups you need to look for, like Administrateurs, or Administraten, modify the script.

Note 2: If the vbscript was run, and since then the computer has been renamed, the script will need to run again to update to the new name.

Original article (includes screenshots of what the sample report looks like): www.myitforum.com/.../view.asp