Saturday, November 1, 2008

Remotely Removing Users from the Local Administrators Group (VBS)

Scenario: You are an administrator of a domain and are given the task of removing "rogue" administrators from the computers in your domain. For a handful of machines the task is trivial: you remotely connect to each machine and remove the user from the local Administrators group. It becomes complicated when a different user has to be removed from each machine. Here is a rundown of what I would do if I were given this task. The usual disclaimer applies.

Step 1: Generate a list of the computer accounts in the domain (programmatically or by exporting the list from the Active Directory Users and Computers snap-in) and save the output to a text file (computers.ini in this example). Next to each machine, add the login account of the user you are going to remove from it, as shown (contents of computers.ini):



Step 2: The main script reads the list from computers.ini and uses each entry as a pair of parameters (computer name and user name). Notice that the file is read in one go and its lines are stored in the array arrComputers. Each element of the array is checked and passed to the RemoveAdmin sub procedure.


Step 3: Script the procedures. Three procedures are used in the script: RemoveAdmin, which is a sub procedure, and the sConvert and ping functions. The RemoveAdmin sub procedure queries the remote machine's local Administrators group and, if the user account defined in computers.ini for that machine is found, removes it from the group.


The sConvert function returns a string depending on the code parameter passed to it. If code is set to "1", the value returned is the computer account; if it is set to "2", the value returned is the user account (note the Select Case section).

The ping function is self-explanatory: it checks whether the machine is online and returns a Boolean value (True if online, False otherwise).


This script must be run under an account with administrative rights on every computer listed in computers.ini, because the remote binding to each machine uses the credentials of the account running the script. If the script is run from a Windows Vista computer, make sure it is run with elevated privileges (for example, right-click the command-prompt shortcut and choose "Run As Administrator").
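The following is a complete script built along the lines of Steps 1 to 3, added here as an example; it is my own code, not the listing from the original post (which is not reproduced on this page). It assumes computers.ini holds one COMPUTER,USER pair per line, with USER given either as a bare login name or as DOMAIN\user; that file layout, the MatchesUser helper, the skip-blank-and-comment-line handling and the check that refuses to remove the account running the script are my assumptions and additions. Save it as RemoveAdmins.vbs and run it with cscript from an elevated prompt.

```vbscript
' RemoveAdmins.vbs: added example, not the listing from the original post.
' Assumption: computers.ini holds one "COMPUTER,USER" pair per line, USER being
' "jdoe" or "DOMAIN\jdoe"; lines starting with ";" are ignored.
' Run from an elevated prompt:  cscript //nologo RemoveAdmins.vbs
Option Explicit
Const ForReading = 1
Const INI_FILE = "computers.ini"
Dim objFSO, objFile, objNet, arrComputers, strLine, strSelf, i

Set objNet = CreateObject("WScript.Network")
strSelf = objNet.UserDomain & "\" & objNet.UserName   ' guard: never remove ourselves

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(INI_FILE, ForReading)
' Whole file read in one go; CR stripped so CRLF and LF files both split on LF
If objFile.AtEndOfStream Then arrComputers = Array() Else arrComputers = Split(Replace(objFile.ReadAll, vbCr, ""), vbLf)
objFile.Close

For i = 0 To UBound(arrComputers)
    strLine = Trim(arrComputers(i))
    If Len(strLine) > 0 And Left(strLine, 1) <> ";" And InStr(strLine, ",") > 0 Then
        RemoveAdmin sConvert(strLine, 1), sConvert(strLine, 2)
    End If
Next

' Returns the computer name (code 1) or the user name (code 2) from one line.
Function sConvert(strLine, intCode)
    Dim arrParts
    arrParts = Split(strLine, ",")
    Select Case intCode
        Case 1: sConvert = Trim(arrParts(0))
        Case 2: sConvert = Trim(arrParts(1))
    End Select
End Function

' True if the host answers an ICMP echo (WMI Win32_PingStatus, StatusCode 0).
Function Ping(strHost)
    Dim objWMI, colPings, objPing
    Ping = False
    Set objWMI = GetObject("winmgmts:\\.\root\cimv2")
    Set colPings = objWMI.ExecQuery( _
        "SELECT StatusCode FROM Win32_PingStatus WHERE Address = '" & strHost & "'")
    For Each objPing In colPings
        If Not IsNull(objPing.StatusCode) Then
            If objPing.StatusCode = 0 Then Ping = True
        End If
    Next
End Function

' Added helper: True if strUser ("jdoe" or "DOMAIN\jdoe") names the member whose
' ADsPath is strPath ("WinNT://DOMAIN/jdoe"). Comparison is case-insensitive.
Function MatchesUser(strUser, strPath)
    Dim strQualified
    strQualified = Replace(Mid(strPath, Len("WinNT://") + 1), "/", "\")   ' DOMAIN\jdoe
    If InStr(strUser, "\") > 0 Then
        MatchesUser = (StrComp(strQualified, strUser, vbTextCompare) = 0)
    Else
        MatchesUser = (StrComp(Mid(strQualified, InStrRev(strQualified, "\") + 1), _
                               strUser, vbTextCompare) = 0)
    End If
End Function

' Removes strUser from the local Administrators group of strComputer via the
' WinNT ADSI provider, using the credentials of the account running the script.
Sub RemoveAdmin(strComputer, strUser)
    Dim objGroup, objMember, arrPaths, intFound, j
    If MatchesUser(strUser, "WinNT://" & Replace(strSelf, "\", "/")) Then
        WScript.Echo strComputer & ": refusing to remove the account running this script"
        Exit Sub
    End If
    If Not Ping(strComputer) Then
        WScript.Echo strComputer & ": offline, skipped"
        Exit Sub
    End If
    On Error Resume Next
    Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
    If Err.Number <> 0 Then
        WScript.Echo strComputer & ": cannot bind to Administrators (0x" & Hex(Err.Number) & ")"
        Err.Clear: On Error GoTo 0
        Exit Sub
    End If
    On Error GoTo 0
    ' Collect matching members first; do not modify the group while enumerating it.
    intFound = 0: ReDim arrPaths(0)
    For Each objMember In objGroup.Members
        If MatchesUser(strUser, objMember.ADsPath) Then
            ReDim Preserve arrPaths(intFound)
            arrPaths(intFound) = objMember.ADsPath
            intFound = intFound + 1
        End If
    Next
    If intFound = 0 Then WScript.Echo strComputer & ": " & strUser & " is not a direct member"
    For j = 0 To intFound - 1
        On Error Resume Next
        objGroup.Remove arrPaths(j)   ' IADsGroup.Remove takes the member's ADsPath
        If Err.Number = 0 Then
            WScript.Echo strComputer & ": removed " & arrPaths(j)
        Else
            WScript.Echo strComputer & ": failed to remove " & arrPaths(j) & " (0x" & Hex(Err.Number) & ")"
            Err.Clear
        End If
        On Error GoTo 0
    Next
End Sub
```

Two caveats before running this against a whole domain: the script binds to the group by its English name, so on a localized Windows build the "Administrators" string has to be changed to the local group name; and it only removes direct members, so an account that holds local admin rights through a nested domain group keeps them until that group is dealt with. Try it against a single machine first and review the echoed output, since a typo in computers.ini removes whatever account matches.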

2 comments:

Anonymous said...

Hi Salvador,

I'm Semi, one of the EC-Council instructors teaching CEH, CHFI, ECSA/LPT, EDRP and ECSP.
I like your blog, maybe we can share many things.

I'm an Indonesian and used to work in the Philippines, and I speak Tagalog as well.

Keep in touch.

http://semiyulianto.blogspot.com

Badz Manaois said...

Of course, I remember you, Sir. =)

I'm thinking of putting up a Blog Roll here and I would like to add your blog in, if it is fine with you.