none
How to Obtain List of User Accounts Displayed in 'Netplwiz.exe'? RRS feed

  • Question

  • I need to find a way to audit what user accounts are on a machine (via netplwiz.exe, NOT lusrmgr.msc).  I have not found any parameters for netplwiz.exe to help.  Specifically, I need to determine for a machine what domain credentials have been added to the local machine and given 'Administrator' privileges.  Please see the highlighted information to understand what I'm looking for in the image below:

    I need to determine these three peices of information...

    I have found that there are users floating around out there with administrative privileges (on their machine) that were added which need to be removed.  I plan on running this script on all machines and forming a report.  VBS would be preferred!  Thank you!

    EDIT: I have tried looking in a number of the following libraries (but not all) but have not had any luck.  Maybe this information will help someone!....

    • Win32_Account
    • Win32_GroupInDomain
    • Win32_GroupUser
    • Win32_SystemUsers
    • Win32_SystemAccount
    • Win32_Group
    • Win32_UserAccount
    • Edited by jondehen Wednesday, May 14, 2014 2:58 PM
    Wednesday, May 14, 2014 2:54 PM

Answers

  • There are scripts in the repository that can retrieve the members of the local Administrators group, such as this one. I wrote about that script in this blog entry.


    -- Bill Stewart [Bill_Stewart]

    • Marked as answer by jondehen Wednesday, May 14, 2014 5:22 PM
    Wednesday, May 14, 2014 3:07 PM
    Moderator

All replies

  • You don't need a script. Just use the "restricted groups" feature of Group Policy.

    -- Bill Stewart [Bill_Stewart]

    Wednesday, May 14, 2014 2:57 PM
    Moderator
  • You don't need a script. Just use the "restricted groups" feature of Group Policy.

    -- Bill Stewart [Bill_Stewart]

    Hi Bill, I will look into that option now as I'm currently unfamiliar with it.  Will this be able to report who is setup on each machine this way?  I'm not looking to create any users, only report who has been added.  Do you have any steps I can follow to find this information?  Thank you for the lightning-quick reply!
    Wednesday, May 14, 2014 3:01 PM
  • There are scripts in the repository that can retrieve the members of the local Administrators group, such as this one. I wrote about that script in this blog entry.


    -- Bill Stewart [Bill_Stewart]

    • Marked as answer by jondehen Wednesday, May 14, 2014 5:22 PM
    Wednesday, May 14, 2014 3:07 PM
    Moderator
  • Awesome!  I hadn't realized that's where they were actually placed.  I will play with your script but am confident that it will report on what I want to know.  I'll mark your answer correct just as soon as I do!  Thanks Bill!
    Wednesday, May 14, 2014 3:19 PM
  • I ended up using the following snippet of VBS to accomplish what I needed to do.  It can be used to report what domain users are in a machine's local administrator's group, provided a specified <domain>.  It will report on the target machine.  Hope this helps someone!

    Set objWinNT = GetObject("WinNT://./Administrators,group")
    For Each item In objWinNT.Members
    	strDomain = mid(item.Parent, 9) ' truncate domain name
    	
    	' If TRUE, we have a domain Administrator account added to the local Administrators group
    	If strDomain = "<domain>" Then
    		Wscript.Echo strDomain & "\" & item.Name
    	End If
    	
    Next

    Wednesday, May 14, 2014 5:22 PM
  • Note that your script won't work if 1) The remote computer is a non-English version of Windows or 2) the local Administrators group has been renamed.


    -- Bill Stewart [Bill_Stewart]

    Wednesday, May 14, 2014 5:26 PM
    Moderator