Yeah, that works, but what he wants is not just that--a report in SRS. what he
wants is "ok, we know Sherry is the current logged on user... is the username
"ourdomain\Sherry" somehow nested into a group, which is nested into a group,
which is nested into a group, which is in the local Administrators group on
this specific box? I need to know just a "Yes" or a "No" RIGHT NOW, but I
can't be bothered to go look that up in AD users and computers"
That... I have no idea. Sounds like complex LDAP queries and recursive queries
and just... scary. :)
On Tuesday, July 14, 2015 4:18 PM, "Lindenfeld, Ivan"
<[email protected]> wrote:
#yiv7715582859 #yiv7715582859 -- _filtered #yiv7715582859
{font-family:Wingdings;panose-1:5 0 0 0 0 0 0 0 0 0;} _filtered #yiv7715582859
{panose-1:2 4 5 3 5 4 6 3 2 4;} _filtered #yiv7715582859
{font-family:Calibri;panose-1:2 15 5 2 2 2 4 3 2 4;} _filtered #yiv7715582859
{panose-1:2 11 6 4 2 2 2 2 2 4;}#yiv7715582859 #yiv7715582859
p.yiv7715582859MsoNormal, #yiv7715582859 li.yiv7715582859MsoNormal,
#yiv7715582859 div.yiv7715582859MsoNormal
{margin:0in;margin-bottom:.0001pt;font-size:11.0pt;}#yiv7715582859 a:link,
#yiv7715582859 span.yiv7715582859MsoHyperlink
{color:#0563C1;text-decoration:underline;}#yiv7715582859 a:visited,
#yiv7715582859 span.yiv7715582859MsoHyperlinkFollowed
{color:#954F72;text-decoration:underline;}#yiv7715582859
p.yiv7715582859msonormal0, #yiv7715582859 li.yiv7715582859msonormal0,
#yiv7715582859 div.yiv7715582859msonormal0
{margin-right:0in;margin-left:0in;font-size:12.0pt;}#yiv7715582859
span.yiv7715582859EmailStyle18 {color:windowtext;}#yiv7715582859
span.yiv7715582859EmailStyle19 {color:#1F497D;}#yiv7715582859
span.yiv7715582859EmailStyle20 {color:#1F497D;}#yiv7715582859
.yiv7715582859MsoChpDefault {font-size:10.0pt;} _filtered #yiv7715582859
{margin:70.85pt 70.85pt 56.7pt 70.85pt;}#yiv7715582859
div.yiv7715582859WordSection1 {}#yiv7715582859 There’s a HINV extension someone
wrote, probably Ms. Kissinger. It puts the membership of all local groups into
a WMI class and HINV collects it. BAM!
http://myitforum.com/cs2/blogs/skissinger/archive/2010/04/25/report-on-all-members-of-all-local-groups.aspx
This works great for us, I have a little report that spits out all users in
local admins by workstation name. Ivan Lindenfeld From:
[email protected] [mailto:[email protected]]On Behalf
Of Roland Janus
Sent: Tuesday, July 14, 2015 3:51 PM
To: [email protected]
Subject: RE: [mssms] OT: Get if user is an admin Bump. No one?
From:[email protected] [mailto:[email protected]]On
Behalf Of Roland Janus
Sent: Samstag, 11. Juli 2015 15:34
To: [email protected]
Subject: [mssms] OT: Get if user is an admin You know how to get that
information? I’m not asking if the user has admin rights currently,
considering also UAC, but if it is through any group, local ordomain, part of
the local admin group and potentially can get admin rights (UAC) Something
like this only working locally when started as the user itself: whoami /groups
which works in a domain through domain groups: BUILTIN\Administrators
Alias S-1-5-32-544 Now the catch,
also against a remote machine. I know the remote user account, but is that user
a member of local administrators through any group membership? I haven’t
found anything useful, preferable in powershell. At the end I just need true or
false. It’s for a tool, connecting to a remote computer, retrieving the
currently logged on user, but I can’t get the information if that user is a
local admin. Have I explained what I’m looking for good enough? J Any ideas?
-R NOTICE: The information contained in this message is
proprietary and/or confidential and may be privileged. If you are not the
intended recipient of this communication, you are hereby notified to: (i)
delete the message and all copies; (ii) do not disclose, distribute or use the
message in any manner; and (iii) notify the sender immediately.
