none
Liist all Users in the Local Administrators Group with Status Enable/Disable for List Servers RRS feed

  • Question

  • Does somebody can help me with that? :(

    I have to list all users in local admin group for a list of servers ( same domain ), as follows:

    - Servername, Username, Domain, Status(Enable/Disable)

    I found some scripts but, none of them brought me STATUS.

    I need to list Local Users AND Domain Users, both being part of Local Admin Group.

    *** I think status will only appears for Local Users.

    I have Windows 2003 Servers in this configuration, so, I think I'll need to use VBScript instead of PowerShell! 

    Sorry, but about VBScript, I'm totally newbie!

    Thanks a lot! 

    Friday, November 13, 2015 4:53 AM

Answers

  • You are soooooo lucky! I also didn't find anything and couldn't believe it so I started writing and eventually I dediced to create a script. Let me know if it works for you and leave a comment at the Q/A section of the script if you find it useful! There were some catches with it combining AD and local users but solved it of course, let me know!

    https://gallery.technet.microsoft.com/Retrieve-Local-Group-0dd346dc

    .\Get-LocalGroupMembers.ps1 

    Cheers,

    Ruud
    Twitter:    Blog: www.ruudborst.nl  LinkedIn:    
    Note: Please “Vote As Helpful” if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.


    Friday, November 13, 2015 12:27 PM

All replies

  • PowerShell work on  WS.

    Pre-written scripts are here: https://gallery.technet.microsoft.com/


    \_(ツ)_/

    Friday, November 13, 2015 9:40 AM
  • JRV, Thanks for answer! :)

    I tried to find a PowerShell or VBScript which brings me Status ( Enable or Disable ) included and I didn't find.

    Do you have a script like that?

    Thank you again!!!

    Friday, November 13, 2015 12:10 PM
  • You are soooooo lucky! I also didn't find anything and couldn't believe it so I started writing and eventually I dediced to create a script. Let me know if it works for you and leave a comment at the Q/A section of the script if you find it useful! There were some catches with it combining AD and local users but solved it of course, let me know!

    https://gallery.technet.microsoft.com/Retrieve-Local-Group-0dd346dc

    .\Get-LocalGroupMembers.ps1 

    Cheers,

    Ruud
    Twitter:    Blog: www.ruudborst.nl  LinkedIn:    
    Note: Please “Vote As Helpful” if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.


    Friday, November 13, 2015 12:27 PM
  • There are many scripts there that can do what you ask.

    • Edited by jrv Friday, November 13, 2015 12:38 PM
    Friday, November 13, 2015 12:36 PM
  • Ruud! Thanks a lot!!! 

    But, when I tried to use, it returns me an error:

    PS C:\teste> 'WIN81-ZYCIHDF' | .\Get-LocalGroupMembers_ms.ps1

    Security warning
    Run only scripts that you trust. While scripts from the internet can be useful, this script can potentially harm your
    computer. If you trust this script, use the Unblock-File cmdlet to allow the script to run without this warning
    message. Do you want to run C:\teste\Get-LocalGroupMembers_MS.ps1?
    [D] Do not run  [R] Run once  [S] Suspend  [?] Help (default is "D"): r
    Get-WmiObject : Cannot validate argument on parameter 'ComputerName'. The argument is null or empty. Provide an
    argument that is not null or empty, and then try the command again.
    At C:\teste\Get-LocalGroupMembers_MS.ps1:15 char:50
    +         $hostname = (Get-WmiObject -ComputerName $computer -Class Win32_Computer ...
    +                                                  ~~~~~~~~~
        + CategoryInfo          : InvalidData: (:) [Get-WmiObject], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.GetWmiObjectCommand

    Get-WmiObject : Cannot validate argument on parameter 'ComputerName'. The argument is null or empty. Provide an
    argument that is not null or empty, and then try the command again.
    At C:\teste\Get-LocalGroupMembers_MS.ps1:16 char:151
    + ...  -ComputerName $computer |
    +                    ~~~~~~~~~
        + CategoryInfo          : InvalidData: (:) [Get-WmiObject], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.GetWmiObjectCommand

    Am I doing something wrong? 
    Thanks!


    Friday, November 13, 2015 12:59 PM
  • Sorry, works now, re-download please.

    Cheers,

    Ruud
    Twitter:    Blog: www.ruudborst.nl  LinkedIn:    
    Note: Please “Vote As Helpful” if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

    Friday, November 13, 2015 6:37 PM
  • Hi JRV, yes many scripts displaying members of local groups but not combined with user status and other properties which was asked by Ademir. Please correct me if I'm wrong.

    Cheers,

    Ruud
    Twitter:    Blog: www.ruudborst.nl  LinkedIn:    
    Note: Please “Vote As Helpful” if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

    Friday, November 13, 2015 6:46 PM
  • Rudd, you're GREAT!!!!!!!!!!!! 
    It worked exactly how I needed and how you said!!! 
    It's INCREDIBLE! 
    Can I ask for just one more thing! A little improvement:
    - I have more than 500 servers to be audited: Is there a way for your script read a .TXT with a list of servers and bring the same result?
    Once again, I'm totally newbie on write PowerShell or VBScript, sorry for that! 
    Another thing: will your script works on Windows 2000, 2003 and above? 
    Do I need to make any previous configuration on servers, before run?
    Thanks, man! You saved my day!  
    You did what a lot of person didn't! And I saw a LOT of scripts about this on internet!
    Congrats!!! 
    Friday, November 13, 2015 7:05 PM
  • Scope creep...


    -- Bill Stewart [Bill_Stewart]

    Friday, November 13, 2015 7:14 PM
    Moderator
  • Thanks! Most scripts don't display status for local and domain accounts  because it's difficult to retrieve for remote servers. And you have to retrieve it via WMI but I found a way :)

    It's quit easy to do this for multiple servers, you have to learn PowerShell because it's one of the basic things. First you read the file with 'get-content' , when you do that and have a server on each line in the text file PowerShell creates an array. Then you feed the array which you assigned to a variable via pipeline or via the name parameter to the script. Not all scripts have pipeline input enabled so always try the parameter if pipeline fails.

    $servers = get-content d:\temp\servers.txt $servers | .\Get-LocalGroupMembers.ps1

    # Orrrr

    .\Get-LocalGroupMembers.ps1 -Name $servers

    ## Output to gridview

    .\Get-LocalGroupMembers.ps1 -Name $servers | out-gridview

    ### export to csv

    .\Get-LocalGroupMembers.ps1 -Name $servers | export-csv d:\temp\export.csv -notypeinformation

    Almost forgot, always redownload the script to get the latest version and it works with PowerShell version 2 and greater.


    Cheers,

    Ruud
    Twitter:    Blog: www.ruudborst.nl  LinkedIn:    
    Note: Please “Vote As Helpful” if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.







    Friday, November 13, 2015 7:16 PM
  • What do you mean Bill?

    Cheers,

    Ruud
    Twitter:    Blog: www.ruudborst.nl  LinkedIn:    
    Note: Please “Vote As Helpful” if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

    Friday, November 13, 2015 7:31 PM
  • Read the sticky post at the top of this forum:

    This forum is for scripting questions rather than script requests

    Scope creep is a general project management term.

    (As in, "I forgot to mention that the script also has to do these other things. Will you redesign to meet my new specifications?")


    -- Bill Stewart [Bill_Stewart]

    Friday, November 13, 2015 7:57 PM
    Moderator
  • Ruud! I really need to learn PS :( The main problem is I need it for yesterday ( as always ) and I won't have time to learn it as fast as I need! :) But I will!!!!  

    It really works, but, I faced a problem when I run against a list of servers ( I improved the command line with export CSV, so I can open in an Excel later ):

    PS C:\scripts> $servers = get-content c:\scripts\servers.txt
    $servers | .\Get-LocalGroupMembers_MS.ps1 -GroupName Administrators |export-csv "C:\scripts\LocalGroupMembers_MS.csv" -NoTypeInformation

    Get-WmiObject : The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
    At C:\scripts\Get-LocalGroupMembers_MS.ps1:15 char:22
    +         $hostname = (Get-WmiObject -ComputerName $computer -Class Win32_Computer ...
    +                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [Get-WmiObject], COMException
        + FullyQualifiedErrorId : GetWMICOMException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
     
    Get-WmiObject : The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
    At C:\scripts\Get-LocalGroupMembers_MS.ps1:16 char:9
    +         Get-WmiObject -Query "SELECT * FROM Win32_GroupUser WHERE GroupComponent ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [Get-WmiObject], COMException
        + FullyQualifiedErrorId : GetWMICOMException,Microsoft.PowerShell.Commands.GetWmiObjectCommand

    There were 06 servers on test list and 02 were offline. It was expected!

    But, because of errors, there were no output! :(

    Maybe it's missing something like, continue on errors?

    Can you improve this too? 

    Sorry for so many ask! :(

    Thanks a lot! 

    Friday, November 13, 2015 8:10 PM
  • I'm not a native speaker :)  Thanks for reminding Bill, appreciated. 

    Cheers,

    Ruud
    Twitter:    Blog: www.ruudborst.nl  LinkedIn:    
    Note: Please “Vote As Helpful” if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

    Friday, November 13, 2015 8:38 PM
  • Then you need to check them with test-connection and remove servers which are offline, I will change the script over time. Keep watching the gallery item for updates, we should close this topic as Bill suggested.

    Cheers,

    Ruud
    Twitter:    Blog: www.ruudborst.nl  LinkedIn:    
    Note: Please “Vote As Helpful” if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.



    Friday, November 13, 2015 8:40 PM
  • I'm not a native speaker :)

    No worries; your English is very good. Thanks for contributing answers to the forum.


    -- Bill Stewart [Bill_Stewart]

    Friday, November 13, 2015 8:44 PM
    Moderator
  • Thanks a lot Ruud! I'll keep following! :)

    And sorry Bill and Ruud, I really didn't know about that! :(

    Can it be moved to Script Request Page, as mentioned?

    I think a LOT of people will need it! 

    There's a lot of threads like that and Ruud was the only one which solved!

    I think it was a great contribution! 

    Thanks! 

    Ruud, as you, I'm not a native speaker! :)

    Friday, November 13, 2015 8:47 PM