Local list of users

  • Thread starter Thread starter BKiddo
  • Start date Start date
B

BKiddo

Suppose you have 100 Windows XP or 7 PCs, can you get a report from the
Domain Controller to know which local users are created in each PC?
 
BKiddo said:
Suppose you have 100 Windows XP or 7 PCs, can you get a report from
the Domain Controller to know which local users are created in each
PC?
Click to expand...

If you create and run a script to enumerate the local accounts on each
machine that runs from the DC using credentials that have local
adminstrative rights on each machine - but the domain controller really has
nothing to do with the local accounts on each machine, it would just be a
convenient 'center' starting point.
 
BKiddo said:
Suppose you have 100 Windows XP or 7 PCs, can you get a report from the
Domain Controller to know which local users are created in each PC?
Click to expand...

So why did you give these users the password to the Administrator or another
admin-level local account so these users could create more local accounts?
If they are admins then you gave them your control.
 
The cliente did it; and now I have to audit it!


VanguardLH said:
So why did you give these users the password to the Administrator or another
admin-level local account so these users could create more local accounts?
If they are admins then you gave them your control.
.
Click to expand...
 
BKiddo said:
The cliente did it; and now I have to audit it!
Click to expand...

I suppose you could use a one-time login script that you push via domain
policies that runs a batch file with something like (this is off the top of
my head):

@date /t
@time /t
@net user

called listuser.bat which the login script runs as:

listuser.bat > <uncpath>\accounts\%computername%\userlist.txt

where <uncpath> is to a network host to which all users have permission to
write into the "accounts" subfolder and where you can go lookup the output.
Some you wouldn't care about, like Administrator since this account always
exists (whether the user can log onto that local account or not), and others
are accounts designed for use by particular services or the OS. Rather than
use a one-time logon script, you could keep it enabled all the time for all
users and then append the output from each of their logins to monitor when
they change (add or delete) the accounts on their host, as in running:

listuser.bat >> <uncpath>\accounts\%computername%\userlist.txt

(> does an overwrite, >> does an append).
 
Suppose you have 100 Windows XP or 7 PCs, can you get a report
from the Domain Controller to know which local users are created
in each PC?
Click to expand...

Suppose you have a file that contains the names of all 100 of your
XP computers named "computerlist.txt" (without the leading "\\").
Then you can bring up a command prompt window (start->Run->"cmd")
and enter the command:

for /f %i in (computerlist.txt) do addusers /d nul: \\%i

This will dump all the users and groups on each computer to the
console window. You might want to append-redirect (>>) it to a file.
If you don't have it, the program "addusers.exe" came with an old
resource kit. Make sure it's in your path or specify the path in
the above command. Also, each computer must be powered up and
online to get it to respond to the query (obviously).

You might be able to get a copy of "addusers" here:
<http://download.microsoft.com/download/8/e/c/8ec3a7d8-05b4-440a-a71e-ca3ee25fe057/rktools.exe>
or Google it.

HTH,
John
 
Back
Top