Here is a way:
How to remove inactive machine accounts
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
*** Problem Description ***
This script removes inactive machine accounts in Active Directory programmatically via ADSI.

It reads an input file (DCList.txt) in which you manually insert the names of your domain controllers so that their accounts will not be deleted. It then removes all machine accounts that have not changed their password in the last 90 days and writes the results to an output file (InactivePCs.txt).

The line 'Call objDomain.Delete("Computer", objComp.Name)' has been commented out so that you may test the script first without actually deleting accounts.

Take the following steps to use the script.
1. Create the DCList.txt and InactivePCs.txt files in C:\Temp (create this folder if it does not exist) on the PDC Emulator for the domain.
2. Populate the DCList.txt file with the names of the domain controllers.
3. Change the value of the strDomain variable from "MyDomain" to the name of the domain.
4. Optionally edit the intAccountAge variable to reflect the maximum time that a computer account password may remain unchanged.
5. Save the following script with a .vbs extension and run it on the PDC Emulator.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
*** Resolution ***
Const ForReading = 1
Const ForWriting = 2

Dim objFSO, objCompFile, objDCFile, objDomain, objComp, objNTComp
Dim strCompFile, strDCFile
Dim strDomain, strDCList
Dim intSecInADay, intAccountAge

strCompFile = "C:\Temp\InactivePCs.txt"   ' output: accounts flagged as inactive
strDCFile = "C:\Temp\DCList.txt"          ' input: domain controllers to skip
strDomain = "MyDomain"                    ' change to the name of your domain

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objCompFile = objFSO.OpenTextFile(strCompFile, ForWriting, True)
Set objDCFile = objFSO.OpenTextFile(strDCFile, ForReading)

' Bind to the domain and enumerate computer objects only
Set objDomain = GetObject("WinNT://" & strDomain)
objDomain.Filter = Array("Computer")

strDCList = objDCFile.ReadAll()
intSecInADay = 60 * 60 * 24
intAccountAge = 90   ' maximum password age in days

For Each objComp In objDomain
    ' Bind to the machine account (name with trailing $) to read PasswordAge, in seconds
    Set objNTComp = GetObject("WinNT://" & strDomain & "/" & objComp.Name & "$")
    If (objNTComp.PasswordAge > intSecInADay * intAccountAge) Then
        ' Skip any name that appears in the domain controller list
        If InStr(1, strDCList, objComp.Name, vbTextCompare) = 0 Then
            ' Uncomment the next line to actually delete the accounts
            'Call objDomain.Delete("Computer", objComp.Name)
            objCompFile.WriteLine objNTComp.Name & "-- computer account has been deleted"
        End If
    End If
Next

objCompFile.Close
objDCFile.Close

Buz Brodin
MCSE NT4 / Win2K
Microsoft Enterprise Domain Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
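
The selection logic of the script above, with the domain controller check done as an exact, normalized name match instead of a substring test (InStr against the whole text of DCList.txt), as an added dry-run example in PowerShell; it is not part of the original posting. The function names, the mydomain.local suffix and the computer records are constructed for illustration; PasswordAge is in seconds, as in the script.

```powershell
# Added example: dry-run selection of stale machine accounts with exact-name exclusion.
# Nothing is deleted; the function only returns candidates for review.

function ConvertTo-ShortName {
    param([string]$Name)
    # Normalize " dc01 ", "DC01$" and "dc01.mydomain.local" to "DC01"
    $n = $Name.Trim().TrimEnd('$')
    return ($n -split '\.')[0].ToUpperInvariant()
}

function Get-StaleMachineAccount {
    param(
        [Parameter(Mandatory)] [object[]]$Computers,  # objects with Name and PasswordAge
        [string[]]$ExcludeList,                       # the lines of DCList.txt
        [int]$AccountAgeDays = 90
    )
    $secInADay = 60 * 60 * 24
    $protected = New-Object 'System.Collections.Generic.HashSet[string]'
    foreach ($line in $ExcludeList) {
        if ($line.Trim()) { [void]$protected.Add((ConvertTo-ShortName $line)) }
    }
    foreach ($c in $Computers) {
        $short = ConvertTo-ShortName $c.Name
        # Same age test as the script, but the exclusion is a whole-name comparison
        if (($c.PasswordAge -gt ($secInADay * $AccountAgeDays)) -and
            (-not $protected.Contains($short))) {
            $c
        }
    }
}

# Constructed sample data (not taken from a real domain)
$dcList = @('DC01', 'dc02.mydomain.local', '')
$day = 86400
$computers = @(
    [pscustomobject]@{ Name = 'DC01$';      PasswordAge = 200 * $day },  # listed DC
    [pscustomobject]@{ Name = 'DC02$';      PasswordAge = 120 * $day },  # DC listed by FQDN
    [pscustomobject]@{ Name = 'DC0$';       PasswordAge = 400 * $day },  # stale; substring of "DC01"
    [pscustomobject]@{ Name = 'WS-FIN-07$'; PasswordAge = 95 * $day },   # stale workstation
    [pscustomobject]@{ Name = 'WS-HR-12$';  PasswordAge = 10 * $day }    # active workstation
)

# Report only, in the same style as InactivePCs.txt
Get-StaleMachineAccount -Computers $computers -ExcludeList $dcList |
    ForEach-Object { "$($_.Name) -- would be deleted" }
```

With a substring test the stale account DC0$ would be skipped because "DC0" occurs inside "DC01"; with an exact match it is reported, while both listed domain controllers stay excluded however they were typed into the list.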