' ------------------------------------------------------------------------------------------------------------------------------------
' Liste les membres du groupe Admin indépendamment du nom du groupe Admin
'
' ------------------------------------------------------------------------------------------------------------------------------------
'
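' Entry point.
' Usage: cscript //nologo <script>.vbs [computer]
' With no argument (or an empty one) the local machine is audited, using the
' name taken from %COMPUTERNAME%.
' Exit code: 0 when the audit ran, 1 when the target could not be checked.
Dim strComputer, wshShell

' Test the argument count explicitly instead of relying on a swallowed
' "subscript out of range" error when no argument is given.
strComputer = ""
If WScript.Arguments.Count > 0 Then
    strComputer = WScript.Arguments.Item(0)
End If

If strComputer = "" Then
    Set wshShell = WScript.CreateObject("WScript.Shell")
    strComputer = wshShell.ExpandEnvironmentStrings("%COMPUTERNAME%")
End If

' Error trapping is limited to the audit call. A runtime error that escapes
' the Sub (WMI/ADSI bind failure, access denied, host unreachable) resumes
' here, so it must be turned into a failure exit code. Otherwise an audit
' that never ran would end with exit code 0 and no output, which a caller
' cannot distinguish from a clean host.
On Error Resume Next
Call CompareLocalAdmins(strComputer)
If Err.Number <> 0 Then
    WScript.Echo "Unable to check remote computer: " & strComputer & _
        " (error " & Err.Number & ": " & Err.Description & ")"
    WScript.Quit 1
End If
On Error GoTo 0

WScript.Quit 0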
'--------------------------------------------------
'- Compare Local Admins to List of Valid Accounts -
'--------------------------------------------------
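Sub CompareLocalAdmins(RemoteSystem)
    ' Audits the membership of the built-in Administrators group on RemoteSystem.
    '
    ' The group is located through its well-known SID (S-1-5-32-544), so the
    ' lookup does not depend on the localized group name. Each member is then
    ' compared with a hard-coded allow-list and one CSV line is written per member:
    '     <computer>,<member>,OK     member is on the allow-list
    '     <computer>,<member>,BAD    member is not on the allow-list
    '     <computer>,ALLOK           every member was on the allow-list
    ' Any failure to bind, query or enumerate ends the script with exit code 1,
    ' so that an incomplete audit is never reported as a clean one.
    Dim objWMIService, colAdminGroups, objAdminGroup, localAdminGroupName
    Dim objComp, objGroup, mem, memberName, okflag

    ' Errors are checked explicitly after every remote call below.
    On Error Resume Next

    '--------------------------------------------------
    '- Resolve the local Admin group name from its SID -
    '--------------------------------------------------
    ' RemoteSystem is used for every bind; the original built this moniker
    ' from the global strComputer before assigning the parameter to it.
    Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & RemoteSystem & "\root\cimv2")
    If Err.Number <> 0 Then AbortUnreachable RemoteSystem

    localAdminGroupName = ""
    Set colAdminGroups = objWMIService.ExecQuery("Select * from Win32_Group where (sid = 'S-1-5-32-544' and localaccount = true)")
    If Err.Number <> 0 Then AbortUnreachable RemoteSystem
    For Each objAdminGroup In colAdminGroups
        localAdminGroupName = objAdminGroup.Name
    Next
    ' An empty name means the query returned nothing; binding to
    ' "WinNT://<computer>/,group" would be meaningless, so stop here.
    If Err.Number <> 0 Or localAdminGroupName = "" Then AbortUnreachable RemoteSystem

    '--------------------------------------------------
    '- Bind to the computer and to the group via ADSI  -
    '--------------------------------------------------
    Set objComp = GetObject("WinNT://" & RemoteSystem)
    If Err.Number <> 0 Then AbortUnreachable RemoteSystem
    objComp.GetInfo
    If Err.Number <> 0 Then AbortUnreachable RemoteSystem

    If objComp.PropertyCount > 0 Then
        Set objGroup = GetObject("WinNT://" & RemoteSystem & "/" & localAdminGroupName & ",group")
        If Err.Number <> 0 Then AbortUnreachable RemoteSystem

        ' NOTE(review): PropertyCount is read without a prior objGroup.GetInfo,
        ' as in the original - confirm that the cache is populated at this point.
        If objGroup.PropertyCount > 0 Then
            okflag = "Y"
            For Each mem In objGroup.Members
                ' Read the name on its own line: under On Error Resume Next a
                ' failing expression inside an If condition falls into the Then
                ' branch, which would print a member as OK.
                memberName = mem.Name
                If Err.Number <> 0 Then AbortUnreachable RemoteSystem

                ' List of locally-authorized admins against which to compare.
                ' Windows account names are case-insensitive, so compare as text.
                '
                ' NOTE(review): this allow-list matches on the bare name only.
                ' mem.Name carries no domain or machine qualifier, so a local
                ' account or group on the audited host that happens to be called
                ' "Domain Admins", or a same-named principal from another domain,
                ' is reported OK. For a trustworthy result, compare a qualified
                ' identity instead (mem.ADsPath against the expected
                ' WinNT://<domain>/... path, or the member SID: RID 500 for the
                ' built-in account, RID 512 of the expected domain for Domain
                ' Admins). "Administrateur" is also the French display name, so
                ' a renamed or differently localized built-in account is
                ' reported BAD.
                If StrComp(memberName, "Administrateur", vbTextCompare) = 0 _
                   Or StrComp(memberName, "Domain Admins", vbTextCompare) = 0 Then
                    WScript.Echo RemoteSystem & "," & memberName & ",OK"
                Else
                    okflag = "N"
                    WScript.Echo RemoteSystem & "," & memberName & ",BAD"
                End If
            Next
            ' A failed enumeration must not end in ALLOK.
            If Err.Number <> 0 Then AbortUnreachable RemoteSystem

            If okflag = "Y" Then
                WScript.Echo RemoteSystem & ",ALLOK"
            End If
        Else
            AbortUnreachable RemoteSystem
        End If
    Else
        AbortUnreachable RemoteSystem
    End If
End Sub

' Reports that computerName could not be audited and ends the script with
' exit code 1.
Sub AbortUnreachable(computerName)
    WScript.Echo "Unable to check remote computer: " & computerName
    WScript.Quit 1
End Sub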