Getting a list of Administrators from remote Windows machines

Here is some short VBScript to get a list of administrators from remote Windows machines. It will also recurse into any groups added to the local administrators group and grab their information. So if you find yourself pulling your hair out trying to track a bunch of nested groups back to who’s in them because they have admin access on your machines, this will help you greatly:

On Error Resume Next

Sub EnumGroup(objGroup, strOffset)
    Dim objMember
    For Each objMember In objGroup.Members
        objFileOut.WriteLine strOffset & objMember.Name & " (" & objMember.Class & ")"
        If (objMember.Class = "Group") Then
            Call EnumGroup(objMember, strOffset & "–")
        End If
    Next
End Sub

Dim objFSO, objFile, objGroup, strComputer, arrServerList()

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile("C:scriptsadminlistservers.txt", 1)
Set objFileOut = objFSO.OpenTextFile("C:scriptsadminlistoutput.txt", 2)

iLines = 0
Do Until objFile.AtEndOfStream
    line = objFile.ReadLine
    If line <> "" Then
        iLines = iLines + 1
        ReDim Preserve arrServerList(iLines)
        arrServerList(iLines-1) = line
    End If
Loop

For Each server In arrServerList
    strComputer = Trim(server)

    Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
    objFileOut.WriteLine "Members of local Administrators group on computer " & strComputer
    Call EnumGroup(objGroup, "")
Next

WScript.Echo "Done"

Create a file called servers.txt in the same location as the script, then fill it with server names (one per line). Run the VBScript as a domain administrator (if you use AD) and it will write its findings to the output.txt file located in the same directory as the script once it finishes.
Enjoy.
Leave a reply