local admin - KiXtart.org - official site

You are not logged in. [Log In] KiXtart.org website » Forums » KiXtart » Advanced Scripting » local admin

Page 1 of 2

1

Topic Options

#71419 - 2002-11-06 06:24 PM local admin
Saleem Saleem Hey THIS is FUN Registered: 2001-04-11 Posts: 280 Loc: UAE	Hi I am again.. just looking for a peice of script to check logon user having local admin rights if so remove him form local admin group...I made a search but no use.. _________________________ “I’ll not change you unless you don’t have intention to change yourself” --H:Quran
Top

#71420 - 2002-11-06 06:27 PM Re: local admin
Radimus Radimus Moderator Registered: 2000-01-06 Posts: 5187 Loc: Tampa, FL	if ingroup("@wksta\administrators") shell 'cmd /c net group administrators @userid /del' endif _________________________ How to ask questions the smart way <-----------> Before you ask
Top

#71421 - 2002-11-06 06:27 PM Re: local admin
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	Well, you should elaborate a bit... Local user? Domain user? Member of local Administrators? Member of group that is member of local Administrators? _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#71422 - 2002-11-06 06:33 PM Re: local admin
Saleem Saleem Hey THIS is FUN Registered: 2001-04-11 Posts: 280 Loc: UAE	Thanx Radimus I'll try it out and let u know.. I mean Member of local admin, I am using NT4 boxes Regards _________________________ “I’ll not change you unless you don’t have intention to change yourself” --H:Quran
Top

#71423 - 2002-11-09 08:50 AM Re: local admin
Saleem Saleem Hey THIS is FUN Registered: 2001-04-11 Posts: 280 Loc: UAE	That's not working Radimus it shows "This command can be used only in Windows NT doamin controler" It is not even checking user belongs to local admin group or not. Saleem _________________________ “I’ll not change you unless you don’t have intention to change yourself” --H:Quran
Top

#71424 - 2002-11-09 08:51 AM Re: local admin
Howard Bullock Howard Bullock KiX Supporter Registered: 2000-09-15 Posts: 5809 Loc: Harrisburg, PA USA	Please post your exact code or command. _________________________ Home page: http://www.kixhelp.com/hb/
Top

#71425 - 2002-11-09 09:09 AM Re: local admin
Saleem Saleem Hey THIS is FUN Registered: 2001-04-11 Posts: 280 Loc: UAE	if ingroup("@wksta\administrators") shell "%comspec% /c net group administrators \del" endif _________________________ “I’ll not change you unless you don’t have intention to change yourself” --H:Quran
Top

#71426 - 2002-11-09 10:35 AM Re: local admin
Saleem Saleem Hey THIS is FUN Registered: 2001-04-11 Posts: 280 Loc: UAE	This is my code if ingroup("@wksta\administrators") ? @userid shell "%comspec% /c net group administrators @userid /del" endif I think it is failing on the ingroup part when I ran "net group administrators @userid /del" alone it was showing that u can run this command only on NT domain I would appriciate if any one cam help.. _________________________ “I’ll not change you unless you don’t have intention to change yourself” --H:Quran
Top

#71427 - 2002-11-10 03:29 AM Re: local admin
Sealeopard Sealeopard KiX Master Registered: 2001-04-25 Posts: 11165 Loc: Boston, MA, USA	Try this: code: if ingroup(@wksta+'\Administrators') ? 'Administrator '+@userid else ? 'Not an Administrator '+@userid endif and please familiarize yourself with some basic error checking routines like the use of DEBUG ON and @ERROR/@SERROR to display error codes. _________________________ There are two types of vessels, submarines and targets.
Top

#71428 - 2002-11-10 09:52 AM Re: local admin
Saleem Saleem Hey THIS is FUN Registered: 2001-04-11 Posts: 280 Loc: UAE	Thanx for that clue if ingroup(@wksta+'Administrators') ? 'Administrator '+@userid else ? 'Not an Administrator '+@userid ? @serror endif I have enabled @serror and tried it gave me Not an Administrator 000182 The specified domain did not exist. if ingroup(@wksta+'\Administrators') ? 'Administrator '+@userid else ? 'Not an Administrator '+@userid ? @serror endif Result was this… Not an Administrator 000182 The operation completed successfully. It seems it is not recognizing Local admin group. _________________________ “I’ll not change you unless you don’t have intention to change yourself” --H:Quran
Top

#71429 - 2002-11-10 01:53 PM Re: local admin
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	What OS is the client? What version of KiX? What is @WKSTA? Have you tried to flush the group cache with /F? _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#71430 - 2002-11-10 04:01 PM Re: local admin
Sealeopard Sealeopard KiX Master Registered: 2001-04-25 Posts: 11165 Loc: Boston, MA, USA	Saleem: Please post your code in betweeen [CODE] tags as specified in the KiXtart Starter's Guide in the FAQ Forum. I also made a slight mistake in the code provided to you by omitting the requisite double bashes. Corrected code is below: code: if ingroup('\\'+@wksta+'\Administrators') ? 'Administrator '+@userid else ? 'Not an Administrator '+@userid endif This is documented in the KiXtart Manual. [ 10. November 2002, 16:04: Message edited by: sealeopard ] _________________________ There are two types of vessels, submarines and targets.
Top

#71431 - 2002-11-10 07:23 PM Re: local admin
Jeroen Jeroen Starting to like KiXtart Registered: 2001-08-16 Posts: 180 Loc: Netherlands	The error you're getting is because of the NET GROUP command. That's not correct, and should be NET LOCALGROUP instead... _________________________ Regards, Jeroen. There are two ways to write error-free programs. Only the third one works.
Top

#71432 - 2002-11-10 07:26 PM Re: local admin
Jeroen Jeroen Starting to like KiXtart Registered: 2001-08-16 Posts: 180 Loc: Netherlands	P.s. And if you're using multiple domains, trusts, and all such things, (or plan on using them) you should maybe add the domain where the useraccount resides too in your shell command. _________________________ Regards, Jeroen. There are two ways to write error-free programs. Only the third one works.
Top

#71433 - 2002-11-10 08:15 PM Re: local admin
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	Saleem, You still haven't answered all my questions. I had 4 questions, you gave 1 answer. OK, so assuming it is a domain user that is a direct member of a local group, it should go something like this (untested): code: if ingroup("\\"+@wksta+"\administrators") $ShellCMD="%comspec% /c net localgroup administrators "+@Domain+"\"+@userid+" /del" $ShellCMD ? ;Shell $ShellCMD endif You would obviously have to remove the comment. _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#71434 - 2002-11-11 05:05 AM Re: local admin
Saleem Saleem Hey THIS is FUN Registered: 2001-04-11 Posts: 280 Loc: UAE	Thanx Guys this time it worked... sory for late reply cause now the time here is 8:08 am I just started my day code: if ingroup("\\"+@wksta+"\administrators") $ShellCMD="%comspec% /c net localgroup administrators "+@Domain+"\"+@userid+" /del" $ShellCMD ? Shell $ShellCMD endif This one did the Job... Yes ur right I am checking domain user member of PC loacal admin, This site is just great.. One more question any way to remove shares in local PC's ? some of my users have shared folders according to our policy it is not allowed. I think this time [code] is also worked. _________________________ “I’ll not change you unless you don’t have intention to change yourself” --H:Quran
Top

#71435 - 2002-11-11 05:26 AM Re: local admin
Howard Bullock Howard Bullock KiX Supporter Registered: 2000-09-15 Posts: 5809 Loc: Harrisburg, PA USA	If you have W2K, use a policy. Or if NT4, use an Admin script to only allow Admninistrators to "Access this computer from the network" . Access this computer from the network _________________________ Home page: http://www.kixhelp.com/hb/
Top

#71436 - 2002-11-11 05:32 AM Re: local admin
Saleem Saleem Hey THIS is FUN Registered: 2001-04-11 Posts: 280 Loc: UAE	That link is about win2k my users are using NT4 I think u got my point I wana unshare localy shared folders _________________________ “I’ll not change you unless you don’t have intention to change yourself” --H:Quran
Top

#71437 - 2002-11-11 05:52 AM Re: local admin
Howard Bullock Howard Bullock KiX Supporter Registered: 2000-09-15 Posts: 5809 Loc: Harrisburg, PA USA	These are the things you may want to read up on. LsaAddAccountRights Grants privileges to a sid. To convert account names to sid's use LsaLookupNames. Be really carefully with the sid. If the sid does not belong to a user, LsaAddAccountRights creates a new user without a user name. LsaRemoveAccountRights Removes privileges from a sid. To convert account names to sid's use LsaLookupNames. If the optional parameter $all is not null, all privileges for $sid will be removed. In this case, @privileges has no meaning. Note: there is a mistake in the documentation from Microsoft (see the platform sdk). If you remove all privileges with the $all parameter the account won't be deleted. The right is SE_NETWORK_LOGON_NAME. Unfortunately, I only know how to access them via Perl at this time. Maybe someone else can add more information or provide a way to search and destroy your unathorized shares. _________________________ Home page: http://www.kixhelp.com/hb/
Top

#71438 - 2002-11-12 05:54 AM Re: local admin
Saleem Saleem Hey THIS is FUN Registered: 2001-04-11 Posts: 280 Loc: UAE	I stil waiting to see a kix script _________________________ “I’ll not change you unless you don’t have intention to change yourself” --H:Quran
Top

Page 1 of 2

1

Previous Topic

Previous Topic View All Topics

View All Topics

Index Next Topic

Next Topic

Moderator: Glenn Barnas, NTDOC, Arend_, Jochen, Radimus, Allen, ShaneEP, Ruud van Velsen, Mart

Hop to:

Shout Box

Who's Online

0 registered and 2924 anonymous users online.

Newest Members

batdk82, StuTheCoder, M_Moore, BeeEm, min_seow
17885 Registered Users

Generated in 0.088 seconds in which 0.056 seconds were spent on a total of 13 queries. Zlib compression enabled.

click tracking