check user groups

  • Thread starter Thread starter powtrix
  • Start date Start date
P

powtrix

Hi,
is possible to verify if an user is in administrators group, ex.:

IF %username% "isin" "%COMPUTERNAME%\Administrators" do (
...
)
or "DOMAIN\Domain Admins"..

Because I want to run some commands at netlogon script only if the
user is a local administrator.
thank you.
 
Hi,
is possible to verify if an user is in administrators group, ex.:

IF %username% "isin" "%COMPUTERNAME%\Administrators" do (
...
)
or "DOMAIN\Domain Admins"..

Because I want to run some commands at netlogon script only if the
user is a local administrator.
thank you.
Click to expand...

There is a utility IFMEMBER that does what you're looking for. Search the MS
website for it.
 
Matt Williamson said:
There is a utility IFMEMBER that does what you're looking for. Search the
MS website for it.
Click to expand...

Note that the IFMEMBER utility may only test for an account's direct
membership, whereas actual administratorship can be inherited through group
nesting but not be detectable by IFMEMBER.

/Al
 
found a way that works without addon

@echo off
net localgroup administradores | find /i "%username%"
if "%errorlevel%"=="1" (
echo usuario "%username%" NON eh administrador
goto:eof
) else (
echo usuario "%username%" eh administrador
call \\server\netlogon\updates.cmd
)


notes:
users/groups are in portuguese as well.

tks ^D
 
powtrix said:
found a way that works without addon

@echo off
net localgroup administradores | find /i "%username%"
if "%errorlevel%"=="1" (
echo usuario "%username%" NON eh administrador
goto:eof
) else (
echo usuario "%username%" eh administrador
call \\server\netlogon\updates.cmd
)
Click to expand...

This will certainly flag any user that is a direct member of the
administrators group, however, it will miss anyone who is a member of a
domain group that is a member of administrators. It will also register false
positives. Here is the output from my own computer:

C:\Documents and Settings\Al>net localgroup administrators
Alias name administrators
Comment Administrators have complete and unrestricted access to
the compu
ter/domain

Members

-------------------------------------------------------------------------------
Administrator
admAl
The command completed successfully.

Given that my normal account is Al and my admin account is admAl, both will
appear to be administrators. Also, usernames such as Ali, Strat, men, mem,
comma, sfu, and etc will also be falsely flagged as administrator when
clearly they are not (at least not on my machine).

/Al
 
yes, this is fine for me:

:ADMLOCAL
NET LOCALGROUP Administradores | FIND /I "%USERNAME%" > NUL && GOTO
INI || GOTO ADMDOM

:ADMDOM
NET GROUP "Domain Admins" /DOMAIN | FIND /I "%USERNAME%" > NUL && GOTO
INI || GOTO :EOF

:INI
echo admin user active [%username%].


tks__
powtrix
 
Back
Top