
Checking for unauthorized local Windows administrator group members with VBScript

Sometimes users add themselves to the Administrators group of their own Windows computers without authorization. This VBScript lists the members who are not supposed to be there so that system administrators can analyze them later.

This page is filed under keyword(s): vbscript,windows.

The only item to configure is the arrRealAdmins array of strings, which lists the user names you do not want to appear in the report. The example already includes two common administrator names that should be valid, "Administrator" and "Domain Admins".

Note that the sample code below displays the invalid local administrator group members in a msgbox() pop-up box. You may wish to replace this output method with something more useful to you, such as writing them to a report, inserting them into a database, or sending an email.

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' List local admin users                                        '
'                                                               '
' Description: Finds a list of local admin users on a Windows   '
'     machine                                                   '
' Author: C. Peter Chen, http://dev-notes.com                   '
' Version Tracker:                                              '
'       1.0   20081021   Base version                           '
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

option explicit
dim arrRealAdmins

'''''''''''''''''
' Configuration '
'''''''''''''''''
arrRealAdmins = Array("Administrator","Domain Admins")  ' List of users that *are* supposed to be administrators; we'll ignore these people later

'''''''''''''''''''''
' End configuration '
'''''''''''''''''''''

dim adminGroup, groupMember, ret

function isPermitedAdmin(MemberName)
	dim i
	for i = lbound(arrRealAdmins) to ubound(arrRealAdmins)
		if ucase(MemberName) = ucase(arrRealAdmins(i)) then
			isPermitedAdmin = true
			exit function
		end if
	next

	isPermitedAdmin = false
end function

set adminGroup = getObject("WinNT://./Administrators, group")
for each groupMember in adminGroup.members
	if not isPermitedAdmin(groupMember.name) then
		ret = ret & groupMember.name & ","
	end if
next

if ret = "" then
	msgbox("No invalid local administrators found.")
else
	ret = mid(ret, 1, len(ret)-1) ' To get rid of the last comma
	msgbox("The following users are in the local admin group: " & vbcrlf & ret)
end if
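
The report-style output suggested above, as an added example that is not part of the original script: it appends one CSV row per unexpected member and sets a non-zero exit code, so it can run unattended under cscript. It also goes beyond the original by matching on the scope-qualified name taken from each member's ADsPath, so a local account that merely shares a name with a permitted domain group is still reported. The domain EXAMPLE, the ".\" shorthand for this computer, and the file name local-admin-report.csv are assumptions made for the example.

```vbscript
' Added example: report variant of the check for unattended runs (cscript //nologo).
Option Explicit

' Assumptions: EXAMPLE is a placeholder domain name; ".\" means "this computer".
Dim arrRealAdmins, reportPath
arrRealAdmins = Array(".\Administrator", "EXAMPLE\Domain Admins")
reportPath = "local-admin-report.csv"   ' hypothetical output file

Dim computerName, fso, report, adminGroup, groupMember, qualified, found
computerName = CreateObject("WScript.Network").ComputerName

' Typical WinNT paths: "WinNT://DOMAIN/PC/bob" -> "PC\bob"; "WinNT://DOMAIN/bob" -> "DOMAIN\bob"
Function QualifiedName(adsPath)
	Dim parts, n
	parts = Split(Mid(adsPath, Len("WinNT://") + 1), "/")
	n = UBound(parts)
	If n >= 1 Then
		QualifiedName = parts(n - 1) & "\" & parts(n)
	Else
		QualifiedName = Mid(adsPath, Len("WinNT://") + 1)   ' e.g. an unresolved SID
	End If
End Function

Function IsPermittedAdmin(memberName)
	Dim entry
	IsPermittedAdmin = False
	For Each entry In arrRealAdmins
		' Expand the ".\" shorthand to this computer's name before comparing
		If Left(entry, 2) = ".\" Then entry = computerName & Mid(entry, 2)
		If UCase(entry) = UCase(memberName) Then
			IsPermittedAdmin = True
			Exit Function
		End If
	Next
End Function

Set fso = CreateObject("Scripting.FileSystemObject")
Set report = fso.OpenTextFile(reportPath, 8, True)   ' 8 = ForAppending, create if missing
Set adminGroup = GetObject("WinNT://./Administrators,group")
found = 0
For Each groupMember In adminGroup.Members
	qualified = QualifiedName(groupMember.ADsPath)
	If Not IsPermittedAdmin(qualified) Then
		' One CSV row per finding: time, computer, member, object class (User/Group)
		report.WriteLine """" & Now & """,""" & computerName & """,""" & qualified & """,""" & groupMember.Class & """"
		found = found + 1
	End If
Next
report.Close
WScript.Quit found   ' non-zero exit code signals findings to a scheduler or wrapper
```

Members whose accounts have been deleted appear as a bare SID and are reported as well, since they match no allowlist entry.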

Author: C. Peter Chen
Last updated: 12 Nov 2008
