Couldn't you just write a CI that tries writing to a system folder and run it in the user context?
On Tue, Jul 14, 2015, 7:00 PM Roland Janus <[email protected]> wrote: > Exactly and even if done in CM, it would go back to “a group in a group, > in local admins…” > > If CM can do it, I probably have the method for what I’m trying to do, but > I couldn’t find anything like that. > > > > I’ve done the regular CM inventory, but again, that basically returns the > members of the local groups. > > I wouldn’t be able to see if the user is an admin if he is member of a > domain group which is in local admins. > > I would need to interpret all that information > > > > I also figured I don’t need the CM inventory, since I use GPP to enforce > the members and use domain groups to grant single users admin access to > specific clients. One group per client and I have granted the access, have > it documented and made sure it stays like that. > > > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Sherry Kissinger > *Sent:* Mittwoch, 15. Juli 2015 00:19 > > > *To:* [email protected] > *Subject:* Re: [mssms] OT: Get if user is an admin > > I think he just wants the posh (targeting a remote workstation). doesn't > care about making it work in CM or not for any reason. > > > > > > > > On Tuesday, July 14, 2015 5:16 PM, Daniel Ratliff <[email protected]> > wrote: > > > > There is a way to do it in powershell, could make a ci possibly. I'll see > if I can find it tomorrow. > > -----Original Message----- > *From: *Sherry Kissinger [[email protected]] > *Sent: *Tuesday, July 14, 2015 06:12 PM Eastern Standard Time > *To: *[email protected] > *Subject: *Re: [mssms] OT: Get if user is an admin > > Yeah, that works, but what he wants is not just that--a report in SRS. > what he wants is "ok, we know Sherry is the current logged on user... is > the username "ourdomain\Sherry" somehow nested into a group, which is > nested into a group, which is nested into a group, which is in the local > Administrators group on this specific box? I need to know just a "Yes" or > a "No" RIGHT NOW, but I can't be bothered to go look that up in AD users > and computers" > > > > That... I have no idea. Sounds like complex LDAP queries and recursive > queries and just... scary. :) > > > > > > > > On Tuesday, July 14, 2015 4:18 PM, "Lindenfeld, Ivan" < > [email protected]> wrote: > > > > There’s a HINV extension someone wrote, probably Ms. Kissinger. It puts > the membership of all local groups into a WMI class and HINV collects it. > > > > BAM! > http://myitforum.com/cs2/blogs/skissinger/archive/2010/04/25/report-on-all-members-of-all-local-groups.aspx > > > > This works great for us, I have a little report that spits out all users > in local admins by workstation name. > > > > Ivan Lindenfeld > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of* Roland Janus > > > *Sent:* Tuesday, July 14, 2015 3:51 PM > *To:* > > [email protected] > > > *Subject:* RE: [mssms] OT: Get if user is an admin > > > > Bump. No one? > > > > > > > > *From:*[email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of* Roland Janus > *Sent:* Samstag, 11. Juli 2015 15:34 > *To:* [email protected] > *Subject:* [mssms] OT: Get if user is an admin > > > > You know how to get that information? > > > > I’m not asking if the user has admin rights currently, considering also > UAC, but if it is through any group, local or *domain*, part of the local > admin group and potentially can get admin rights (UAC) > > > > Something like this only working locally when started as the user itself: > > whoami /groups > > > > which works in a domain through domain groups: > > BUILTIN\Administrators > Alias S-1-5-32-544 > > > > Now the catch, also against a remote machine. I know the remote user > account, but is that user a member of local administrators through any > group membership? > > > > I haven’t found anything useful, preferable in powershell. > > At the end I just need true or false. > > > > It’s for a tool, connecting to a remote computer, retrieving the currently > logged on user, but I can’t get the information if that user is a local > admin. > > > > Have I explained what I’m looking for good enough? J > > Any ideas? > > > > -R > > > > > > > > > ------------------------------ > > NOTICE: The information contained in this message is proprietary and/or > confidential and may be privileged. If you are not the intended recipient > of this communication, you are hereby notified to: (i) delete the message > and all copies; (ii) do not disclose, distribute or use the message in any > manner; and (iii) notify the sender immediately. > > > The information transmitted is intended only for the person or entity to > which it is addressed > and may contain CONFIDENTIAL material. If you receive this > material/information in error, > please contact the sender and delete or destroy the material/information. >
