{"id":98,"date":"2008-11-12T15:17:00","date_gmt":"2008-11-12T20:17:00","guid":{"rendered":"http:\/\/www.dev-notes.com\/blog\/2008\/11\/12\/checking-for-unauthorized-local-windows-administrator-group-members-with-vbscript\/"},"modified":"2008-11-12T15:17:00","modified_gmt":"2008-11-12T20:17:00","slug":"checking-for-unauthorized-local-windows-administrator-group-members-with-vbscript","status":"publish","type":"post","link":"https:\/\/www.dev-notes.com\/blog\/2008\/11\/12\/checking-for-unauthorized-local-windows-administrator-group-members-with-vbscript\/","title":{"rendered":"Checking for unauthorized local Windows administrator group members with VBScript"},"content":{"rendered":"<p>The only item to configure is the arrRealAdmins array of strings, where you list the user names that you do not wish to show in the report.  The example already includes two common administrator names that should be valid, &#8220;Administrator&#8221; and &#8220;Domain Admins&#8221;.<\/p>\n<p>Note that the sample code below outputs the invalid local administrator group members in a msgbox() pop-up box.  You may wish to replace this output method with something more useful to you, such as writing them to a report, inserting them into a database, sending an email, etc.<\/p>\n<pre class=\"code\">\n'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''\n' List local admin users                                        '\n'                                                               '\n' Description: Finds a list of local admin users on a Windows   '\n'     machine                                                   '\n' Author: C. 
Peter Chen, http:\/\/dev-notes.com                   '\n' Version Tracker:                                              '\n'       1.0   20081021   Base version                           '\n'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''\n\noption explicit\ndim arrRealAdmins\n\n'''''''''''''''''\n' Configuration '\n'''''''''''''''''\narrRealAdmins = Array(\"Administrator\",\"Domain Admins\")  ' List of users that *are* supposed to be administrators; we'll ignore these people later\n\n'''''''''''''''''''''\n' End configuration '\n'''''''''''''''''''''\n\ndim adminGroup, groupMember, ret\n\nfunction isPermitedAdmin(MemberName)\n\tdim i\n\tfor i = lbound(arrRealAdmins) to ubound(arrRealAdmins)\n\t\tif ucase(MemberName) = ucase(arrRealAdmins(i)) then\n\t\t\tisPermitedAdmin = true\n\t\t\texit function\n\t\tend if\n\tnext\n\n\tisPermitedAdmin = false\nend function\n\nset adminGroup = getObject(\"WinNT:\/\/.\/Administrators, group\")\nfor each groupMember in adminGroup.members\n\tif not isPermitedAdmin(groupMember.name) then\n    \t\tret = ret & groupMember.name & \",\"\n\tend if\nnext\n\nif ret = \"\" then\n\tmsgbox(\"No invalid local administrators found.\")\nelse\n\tret = mid(ret, 1, len(ret)-1) ' To get rid of the last comma\n\tmsgbox(\"The following users are in the local admin group: \" & vbcrlf & ret)\nend if\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Sometimes users may add themselves to the administrators group of their own Windows computers without authorization.  
This VBScript finds the members who are not supposed to be there so that system administrators can analyze them later.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,26],"tags":[],"class_list":["post-98","post","type-post","status-publish","format-standard","hentry","category-vbscript","category-windows"],"_links":{"self":[{"href":"https:\/\/www.dev-notes.com\/blog\/wp-json\/wp\/v2\/posts\/98","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dev-notes.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dev-notes.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dev-notes.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dev-notes.com\/blog\/wp-json\/wp\/v2\/comments?post=98"}],"version-history":[{"count":0,"href":"https:\/\/www.dev-notes.com\/blog\/wp-json\/wp\/v2\/posts\/98\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.dev-notes.com\/blog\/wp-json\/wp\/v2\/media?parent=98"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dev-notes.com\/blog\/wp-json\/wp\/v2\/categories?post=98"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dev-notes.com\/blog\/wp-json\/wp\/v2\/tags?post=98"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}