VBscript collect local administrators members

December 22, 2010 at 08:17:57
Specs: Windows XP
Hi: I'd like some help with the script below to make it collect local administrators members from a list of computers in a text file, e.g computers.txt. The code below outputs from the local computer only:

Set objNetwork = CreateObject("Wscript.Network")
strComputer = objNetwork.ComputerName
'Create a FileSystemObject
Set oFS = CreateObject("Scripting.FileSystemObject")
'Open a text file of computer names
'with one computer name per line
Set objLogFile = oFS.OpenTextFile("c:\admins\output.log", 8, True, 0)

Set colGroups = GetObject("WinNT://" & strComputer & "")
colGroups.Filter = Array("Group")
For Each objGroup In colGroups
If objGroup.Name = "Administrators" Then
objLogFile.WriteLine "************************************************************"
objLogFile.WriteLine strComputer
objLogFile.WriteLine vTab & objGroup.Name
For Each objUser in objGroup.Members
objLogFile.WriteLine vbTab & vTab & objUser.Name
End If


December 22, 2010 at 09:05:04
I added the requested logic. Then I streamlined it. It's now 18 lines long instead of 21. The cynical might say I did so at the expense of the 3 comment lines. The comments were removed because they either said nothing, or were wrong.

With CreateObject("Scripting.FileSystemObject")
  Set inFile = .OpenTextFile("computers.txt")
  Set objLogFile = .OpenTextFile("c:\admins\output.log", 8, True, 0)
End With

Do Until inFile.AtEndOfStream
  computer = inFile.ReadLine
  objLogFile.WriteLine "************************************************************" _
  & vbNewLine & computer
  With GetObject("WinNT://" & computer & "/Administrators,Group")
    objLogFile.WriteLine vbTab & .Name
    For Each objUser in .Members
      objLogFile.WriteLine vbTab & vbTab & objUser.Name
  End With
WScript.Echo "Done"

December 22, 2010 at 13:01:52
Thanks a lot. Worked, when applied to servers in Ad, got errors in:
With GetObject("WinNT://" & computer & "/Administrators,Group")
Do I need to login as an admin to be able to see these accounts in the local admins"
Really appreciate it.

December 22, 2010 at 15:23:59
You need to be recognized by the computer as having authority on that server. Even the Guest account should be able to enumerate the Administrator groups, but by default, account enumeration by anonymous is not allowed.

