Hi Tom A big woops I guess - a & was missing :)
For /F %i IN (computerlist.txt) do echo %i >> logfile.txt & psexec \\%i net user >> logfile.txt Try that - and see if it works - im using rcmd.exe (windows resource kit) instead of psexec (works faster) Thank you and have a splendid day! Kind Regards, Freddy Hartono Windows Administrator (ADSM/NT Security) Spherion Technology Group, Singapore For Agilent Technologies E-mail: [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Friday, August 12, 2005 7:27 AM To: [email protected] Subject: Re: [ActiveDir] 2 quick favors i'm running as EA, so i don't think so. the command just echo's everything after "echo"' for some reason. i'm running it from a winxp sp2 box. it doesn't seem like perms but i'm screwing up the syntax. turn echo off? as it is now, it just echos the psexec invoking net user with no output to the stdout and the logfile. very strange. i don't know where to begin to figure this out.... thanks On 8/11/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Hi Tom, > > For my system it shows like these below > > C:\Documents and Settings\fhartono>psexec \\xxxxxx net user > > PsExec v1.57 - Execute processes remotely > Copyright (C) 2001-2005 Mark Russinovich > Sysinternals - www.sysinternals.com > > > > User accounts for \\ > > ------------------------------------------------------------------------------- > locadmin RenamedGuest TsInternetUser > The command completed with one or more errors. > > net exited on xxxxxx with error code 1. > > Permission issue? > > Thank you and have a splendid day! > > Kind Regards, > > Freddy Hartono > Windows Administrator (ADSM/NT Security) > Spherion Technology Group, Singapore > For Agilent Technologies > E-mail: [EMAIL PROTECTED] > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern > Sent: Friday, August 12, 2005 2:55 AM > To: [email protected] > Subject: Re: [ActiveDir] 2 quick favors > > I think i'm screwing up the syntax. > this is a sample output in logfile.txt- > > workstationpc psexec \\workstationpc net user > > thats all. > > thanks > > > > On 8/10/05, [EMAIL PROTECTED] > <[EMAIL PROTECTED]> wrote: > > For part 2 > > > > Download psexec.exe (sysinternals) > > > > Create a computerlist.txt with all the pcnames (FQDN if you don't trust > > your wins) > > > > >From command line (replace %i with %%i if using batch file) using your > > >DA/EA credentials for example > > > > For /F %i IN (computerlist.txt) do echo %i >> logfile.txt psexec \\%i net > > user >> logfile.txt > > > > Note: Above will query remotely irregardless if computer is online or > > offline (slow if offline) - you can modify to include ping test if you want. > > > > Thank you and have a splendid day! > > > > Kind Regards, > > > > Freddy Hartono > > Windows Administrator (ADSM/NT Security) > > Spherion Technology Group, Singapore > > For Agilent Technologies > > E-mail: [EMAIL PROTECTED] > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern > > Sent: Wednesday, August 10, 2005 11:47 PM > > To: [email protected] > > Subject: Re: [ActiveDir] 2 quick favors > > > > I get errors with this script- "the active directory property cannot > > be found in the cache" > > > > I'm running win2k native mode domain. > > > > thanks. sorry to bother. > > > > On 8/10/05, Alain Lissoir <[EMAIL PROTECTED]> wrote: > > > For 1/, try this one below. For 2/ I don't have one close but I'm sure > > > some > > > folks here can feed you ... > > > > > > The script doesn't dump in a text file, but that's an easy addition. HTH > > > > > > ' FindGPOLinks v1.04.vbs - Version 1.04 - Alain Lissoir > > > ' > > > ' WSH Script browsing the 'DefaultNamingContext' and the > > > 'configurationNamingContext' > > > ' to retrieve the Group Policies linked to AD objects. > > > ' This should facilitate the search of created policies in the Active > > > Directory. > > > ' > > > ' The script is using a basic LDAP access in the current user context, > > > ' so, you should have enough rights to access AD objects. > > > ' > > > ' Change in version 1.04 > > > ' > > > ' - Add an error Handler in the "ShowMemberInfo" Private Sub > > > ' > > > ' Change in version 1.02 > > > ' > > > ' - Query the schema to get the property list associated to the > > > 'groupPolicyContainer' class. > > > ' - Display only the defined properties for that class. > > > ' - For the defined properties, the scripts shows the syntax to be used by > > > the property. > > > ' - Take in account the fact that more than one policy can be defined at > > > the > > > container level. > > > ' > > > ' Change in version 1.01 > > > ' > > > ' - Add some code to bind to the GPLink LDAP Pointer to extract some > > > properties. > > > ' > > > ' Any comments or questions: EMail:[EMAIL PROTECTED] > > > > > > Option Explicit > > > > > > Dim ObjRoot > > > Dim Object > > > Dim ObjMember > > > > > > ' > > > ---------------------------------------------------------------------------- > > > ------- > > > WScript.Echo > > > WScript.Echo "Looking inside 'configurationNamingContext'" > > > Set objRoot = GetObject("LDAP://RootDSE") > > > Object = objRoot.Get("configurationNamingContext") > > > > > > Call LookInsideObject (Object) > > > > > > Set Object = Nothing > > > Set objRoot = Nothing > > > > > > ' > > > ---------------------------------------------------------------------------- > > > ------- > > > WScript.Echo > > > WScript.Echo "Looking inside 'DefaultNamingContext'" > > > Set objRoot = GetObject("LDAP://RootDSE") > > > Object = objRoot.Get("DefaultNamingContext") > > > > > > Call LookInsideObject (Object) > > > > > > Set Object = Nothing > > > Set objRoot = Nothing > > > > > > WScript.Quit (0) > > > > > > ' > > > ---------------------------------------------------------------------------- > > > ------- > > > Private Sub LookInsideObject (Object) > > > > > > Dim objMember > > > Dim Member > > > > > > Set objMember = GetObject ("LDAP://" & Object) > > > > > > if objMember.Class <> "sitesContainer" And _ > > > objMember.Class <> "container" And _ > > > objMember.Class <> "configuration" _ > > > Then Call ShowMemberInfo (objMember) > > > > > > For Each Member in objMember > > > If Member.Class = "domainDNS" Or _ > > > Member.Class = "organizationalUnit" Or _ > > > Member.Class = "sitesContainer" Or _ > > > Member.Class = "site" Or _ > > > Member.Class = "container" _ > > > Then Call LookInsideObject (Member.Name & "," & Object) > > > Next > > > > > > Set objMember = Nothing > > > > > > End Sub > > > > > > ' > > > ---------------------------------------------------------------------------- > > > ------- > > > Private Sub ShowMemberInfo (Object) > > > > > > Dim longStartPolicyPath > > > Dim longEndPolicyPath > > > Dim strPolicyPathSource > > > Dim strPolicyPath > > > > > > Dim objPolicy > > > Dim objPolicyClassDef > > > Dim objPolicyProperty > > > > > > Dim strPropertyName > > > > > > Object.GetInfo > > > > > > If Object.GPLink = "" Then > > > WScript.Echo Object.Name & " (" & Object.Class & ")" > > > WScript.Echo "(No Group Policy Defined)" > > > WScript.Echo > > > End If > > > > > > strPolicyPathSource = Object.GPLink > > > > > > While (strPolicyPathSource <> "") > > > > > > WScript.Echo Object.Name & " (" & Object.Class & ")" > > > > > > ' Extract each LDAP pointer from the GPLink. > > > longStartPolicyPath = InStr(1, strPolicyPathSource, "[", > > > vbTextCompare) > > > longEndPolicyPath = InStr(1, strPolicyPathSource, "]", > > > vbTextCompare) > > > strPolicyPath = Mid(strPolicyPathSource, longStartPolicyPath + 1, > > > longEndPolicyPath - 4) > > > strPolicyPathSource = Mid(strPolicyPathSource, longEndPolicyPath + > > > 1) > > > > > > Set objPolicy = GetObject(strPolicyPath) > > > > > > objPolicy.GetInfo > > > > > > WScript.Echo "Found an existing Policy: '" & > > > objPolicy.Get("displayName") & "' (" & objPolicy.Class & ")" > > > WScript.Echo " GPLink=" & strPolicyPath > > > > > > Set objPolicyClassDef = GetObject (objPolicy.Schema) > > > > > > On error Goto ErrorHandler > > > > > > For Each strPropertyName In objPolicyClassDef.MandatoryProperties > > > Set objPolicyProperty = GetObject (objPolicyClassDef.Parent > > > + "/" + strPropertyName) > > > WScript.Echo " " & strPropertyName & "=" & > > > objPolicy.Get(strPropertyName) & " (" & objPolicyProperty.Syntax & ")" > > > Set objPolicyProperty = Nothing > > > Next > > > > > > For Each strPropertyName In objPolicyClassDef.OptionalProperties > > > Set objPolicyProperty = GetObject (objPolicyClassDef.Parent > > > + "/" + strPropertyName) > > > WScript.Echo " " & strPropertyName & "=" & > > > objPolicy.Get(strPropertyName) & " (" & objPolicyProperty.Syntax & ")" > > > Set objPolicyProperty = Nothing > > > Next > > > > > > Set objPolicyClassDef = Nothing > > > > > > Set objPolicy = Nothing > > > > > > WScript.Echo > > > > > > Wend > > > > > > Exit Sub > > > > > > ErrorHandler: > > > > > > WScript.Echo Err.Description & "(" & Err.Number & ")" > > > Resume Next > > > > > > End Sub > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern > > > Sent: Wednesday, August 10, 2005 6:19 AM > > > To: activedirectory > > > Subject: [ActiveDir] 2 quick favors > > > > > > Does anyone know of a tool to enumerate all GPO's in a domain listing all > > > the specific settings enabled that i can spit out to text file. > > > the enviorment i work in is all win2k pro/server so GPMC is out. > > > Also, gpotool doesn't seem to show specific links and what settings are > > > enabled. > > > > > > Second question is, does anyone have a script that can enumerate all the > > > local accounts and groups on domain memeber servers and workstations? > > > > > > Thanks a lot. > > > I apologize for being so needy. > > > List info : http://www.activedir.org/List.aspx > > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > List info : http://www.activedir.org/List.aspx > > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
