Report on Local Administrators Group membership - updated
Update 5/1/2010: Although this routine outlined below will still work just fine, here's another, in my opinion better and more well-rounded way to gather up and report on the contents of every local group, including the members of the local Administrators group: http://myitforum.com/cs2/blogs/skissinger/archive/2010/04/25/report-on-all-members-of-all-local-groups.aspx
Original blog from June, 2008 follows:
Ward Lange's original mof edit works great for 2000 and xp; but for Windows 2003 servers and Vista, the "BUILTIN" needed to be replaced with the local computer's name. Unfortunately, I have yet to hear of a way to use a dynamic variable in the MOF.
Mike Seely posted a script on the forum. With his permission I've used it to show a different method to gather the contents of the local Administrators group.
-
Edit inboxes\clifiles.src\hinv\sms_def.mof. At the very bottom, add these lines. These are identical to Ward Lange's mof edit, so if you've already implemented that one, no need to change anything.
[ SMS_Report (TRUE),SMS_Group_Name ("LocalAdmins"),SMS_Class_ID ("MICROSOFT|LocalAdmins|1.0")]
class Win32_LocalAdmins : SMS_Class_Template
{
[SMS_Report(TRUE), key] string AccountName;
[SMS_Report(TRUE), key] string GroupName;
};
-
Do not add anything to Configuration.mof. If you've previously implemented Ward Lange's, remove the section from configuration.mof. If you are on SMS2003 (not configMgr) and have already implemended Ward Lange's edit, you will want to remove the data section, leaving just the reporting section (the section above).
-
Attached is a .txt file; rename it to .vbs. Place it in a Source folder, and create a package/program for it, to run whether or not user logged in.
-
The Collection Query I suggest using for the advertisement is this, I'd set it to be recurring every few days so if a machine loses the WMI information somehow, it gets it back.
select SMS_R_SYSTEM.ResourceID
from SMS_R_System
where
SMS_R_System.ResourceId not in
(select SMS_R_System.ResourceId
from SMS_R_System
inner join SMS_G_System_LOCALADMINS on SMS_G_System_LOCALADMINS.ResourceID = SMS_R_System.ResourceId
where SMS_G_System_LOCALADMINS.AccountName is not null)
So, what does this combination do? The sms_def.mof edit will set your hardware inventory policy to report on local administrators group membership. The vbscript advertisement will create the WMI data entry using the computer name. It doesn't really matter if configuration.mof built it or something else built it--once it's there, Hardware Inventory policy will be able to use it.
A sample report to use once you have this data:
select distinct Name0 as 'Computer Name', substring(AccountName0,charindex('Domain=',Accountname0)+8,(charindex('Name=',Accountname0)-charindex('Domain=',Accountname0)-10)) as 'Domain Name', substring(AccountName0,len(AccountName0)-charindex('"',reverse(AccountName0),2)+2,charindex('"',reverse(AccountName0),2)-2) as 'User Name'
from v_GS_SYSTEM INNER JOIN v_GS_LocalAdmins ON v_GS_SYSTEM.ResourceID = v_GS_LocalAdmins.ResourceID where (AccountName0 not like '%Administrator%' AND AccountName0 not like '%Domain Admins%')
Note 1: The vbscript specifically looks for members of the 'Administrators' group. If you have alternate groups you need to look for, like Administrateurs, or Administraten, modify the script.
Note 2: If the vbscript was run, and since then the computer has been renamed, the script will need to run again to update to the new name.
Original article (includes screenshots of what the sample report looks like): http://www.myitforum.com/articles/8/view.asp?id=9735