Exactly, and even if done in CM, it would go back to “a group in a group, in 
local admins…”

If CM can do it, I probably have the method for what I’m trying to do, but I 
couldn’t find anything like that.

I’ve done the regular CM inventory, but again, that basically returns the 
members of the local groups.

I wouldn’t be able to see if the user is an admin if he is a member of a domain 
group which is in local admins.

I would need to interpret all that information.

I also figured I don’t need the CM inventory, since I use GPP to enforce the 
members and use domain groups to grant single users admin access to specific 
clients. One group per client and I have granted the access, have it documented 
and made sure it stays like that.

From: [email protected] On Behalf Of Sherry Kissinger
Sent: Wednesday, 15 July 2015 00:19
To: [email protected]
Subject: Re: [mssms] OT: Get if user is an admin

I think he just wants the posh (targeting a remote workstation). Doesn't care 
about making it work in CM or not for any reason.

On Tuesday, July 14, 2015 5:16 PM, Daniel Ratliff <[email protected]> wrote:

There is a way to do it in PowerShell, could make a CI possibly. I'll see if I 
can find it tomorrow.

-----Original Message-----
From: Sherry Kissinger [[email protected]]
Sent: Tuesday, July 14, 2015 06:12 PM Eastern Standard Time
To: [email protected]
Subject: Re: [mssms] OT: Get if user is an admin

Yeah, that works, but what he wants is not just that--a report in SRS. What he 
wants is "ok, we know Sherry is the current logged on user... is the username 
"ourdomain\Sherry" somehow nested into a group, which is nested into a group, 
which is nested into a group, which is in the local Administrators group on 
this specific box? I need to know just a "Yes" or a "No" RIGHT NOW, but I 
can't be bothered to go look that up in AD users and computers"

That... I have no idea. Sounds like complex LDAP queries and recursive queries 
and just... scary. :)

On Tuesday, July 14, 2015 4:18 PM, "Lindenfeld, Ivan" <[email protected]> wrote:

There’s a HINV extension someone wrote, probably Ms. Kissinger. It puts the 
membership of all local groups into a WMI class and HINV collects it.

BAM!
http://myitforum.com/cs2/blogs/skissinger/archive/2010/04/25/report-on-all-members-of-all-local-groups.aspx

This works great for us, I have a little report that spits out all users in 
local admins by workstation name.

Ivan Lindenfeld

From: [email protected] On Behalf Of Roland Janus
Sent: Tuesday, July 14, 2015 3:51 PM
To: [email protected]
Subject: RE: [mssms] OT: Get if user is an admin

Bump. No one?

From: [email protected] On Behalf Of Roland Janus
Sent: Saturday, 11 July 2015 15:34
To: [email protected]
Subject: [mssms] OT: Get if user is an admin

You know how to get that information?

I’m not asking if the user has admin rights currently, considering also UAC, 
but if it is through any group, local or domain, part of the local admin group 
and potentially can get admin rights (UAC).

Something like this, only working locally when started as the user itself:

whoami /groups

which works in a domain through domain groups:

BUILTIN\Administrators    Alias    S-1-5-32-544

Now the catch, also against a remote machine. I know the remote user account, 
but is that user a member of local administrators through any group membership?

I haven’t found anything useful, preferably in PowerShell.

At the end I just need true or false.

It’s for a tool, connecting to a remote computer, retrieving the currently 
logged on user, but I can’t get the information if that user is a local admin.

Have I explained what I’m looking for well enough? :)

Any ideas?

-R
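
The true/false check asked for in this thread, as an added PowerShell example that is not code from any list member: it compares the SIDs of the direct members of the remote machine's Administrators group (S-1-5-32-544) against the user's own SID plus the `tokenGroups` attribute read from AD. The function name and the names in the usage line are hypothetical; it assumes a domain user in the caller's domain and an account allowed to query WMI and the local groups on the target.

```powershell
# Added example, not from the thread. Names in the usage line are hypothetical.
function Test-RemoteLocalAdmin {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][string]$SamAccountName
    )
    # Refuse LDAP filter metacharacters rather than interpolating them.
    if ($SamAccountName -match '[()*\\\x00]') { throw 'Invalid account name.' }

    # 1. Look the user up in AD (assumption: user is in the caller's domain).
    $filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$SamAccountName))"
    $result = ([adsisearcher]$filter).FindOne()
    if (-not $result) { throw "User '$SamAccountName' not found." }

    # 2. SIDs the user carries: its own SID plus tokenGroups, a constructed
    #    attribute in which AD has already expanded nested security groups.
    $toSid = { param($b) (New-Object System.Security.Principal.SecurityIdentifier -ArgumentList $b, 0).Value }
    $user = $result.GetDirectoryEntry()
    $user.RefreshCache(@('tokenGroups'))
    $userSids = @(& $toSid ($result.Properties['objectsid'][0]))
    foreach ($bytes in $user.Properties['tokenGroups']) { $userSids += & $toSid $bytes }

    # 3. Find the remote Administrators group by SID; its name is localized.
    $admins = Get-WmiObject -Class Win32_Group -ComputerName $ComputerName `
        -Filter "LocalAccount=True AND SID='S-1-5-32-544'"
    if (-not $admins) { throw "Administrators group not found on $ComputerName." }
    $group = [ADSI]"WinNT://$ComputerName/$($admins.Name),group"

    # 4. True if any direct member (user or domain group) is in the user's SID set.
    foreach ($member in $group.psbase.Invoke('Members')) {
        $bytes = $member.GetType().InvokeMember('objectSid', 'GetProperty', $null, $member, $null)
        if ($userSids -contains (& $toSid $bytes)) { return $true }
    }
    return $false
}

# Test-RemoteLocalAdmin -ComputerName 'PC-0042' -SamAccountName 'sherry'
```

`tokenGroups` is evaluated in the user's own domain, so access granted through well-known principals such as Authenticated Users, or through groups in other domains, needs separate handling.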

 

 

 

 
