A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows XP » Security and Administration with Windows XP
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Local list of users



 
 
Thread Tools Display Modes
  #1  
Old April 26th 10, 10:46 PM posted to microsoft.public.windowsxp.security_admin
BKiddo
external usenet poster
 
Posts: 2
Default Local list of users

Suppose you have 100 Windows XP or 7 PCs, can you get a report from the
Domain Controller to know which local users are created in each PC?
Ads
  #2  
Old April 27th 10, 05:59 AM posted to microsoft.public.windowsxp.security_admin
Shenan Stanley
external usenet poster
 
Posts: 10,523
Default Local list of users

BKiddo wrote:
Suppose you have 100 Windows XP or 7 PCs, can you get a report from
the Domain Controller to know which local users are created in each
PC?


If you create and run a script to enumerate the local accounts on each
machine that runs from the DC using credentials that have local
adminstrative rights on each machine - but the domain controller really has
nothing to do with the local accounts on each machine, it would just be a
convenient 'center' starting point.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html


  #3  
Old April 27th 10, 09:51 AM posted to microsoft.public.windowsxp.security_admin
VanguardLH[_2_]
external usenet poster
 
Posts: 10,881
Default Local list of users

BKiddo wrote:

Suppose you have 100 Windows XP or 7 PCs, can you get a report from the
Domain Controller to know which local users are created in each PC?


So why did you give these users the password to the Administrator or another
admin-level local account so these users could create more local accounts?
If they are admins then you gave them your control.
  #4  
Old April 27th 10, 05:15 PM posted to microsoft.public.windowsxp.security_admin
BKiddo
external usenet poster
 
Posts: 2
Default Local list of users

The cliente did it; and now I have to audit it!


"VanguardLH" wrote:

BKiddo wrote:

Suppose you have 100 Windows XP or 7 PCs, can you get a report from the
Domain Controller to know which local users are created in each PC?


So why did you give these users the password to the Administrator or another
admin-level local account so these users could create more local accounts?
If they are admins then you gave them your control.
.

  #5  
Old April 28th 10, 01:05 AM posted to microsoft.public.windowsxp.security_admin
VanguardLH[_2_]
external usenet poster
 
Posts: 10,881
Default Local list of users

BKiddo wrote:

VanguardLH wrote:

BKiddo wrote:

Suppose you have 100 Windows XP or 7 PCs, can you get a report from the
Domain Controller to know which local users are created in each PC?


So why did you give these users the password to the Administrator or another
admin-level local account so these users could create more local accounts?
If they are admins then you gave them your control.


The cliente did it; and now I have to audit it!


I suppose you could use a one-time login script that you push via domain
policies that runs a batch file with something like (this is off the top of
my head):

@date /t
@time /t
@net user

called listuser.bat which the login script runs as:

listuser.bat uncpath\accounts\%computername%\userlist.txt

where uncpath is to a network host to which all users have permission to
write into the "accounts" subfolder and where you can go lookup the output.
Some you wouldn't care about, like Administrator since this account always
exists (whether the user can log onto that local account or not), and others
are accounts designed for use by particular services or the OS. Rather than
use a one-time logon script, you could keep it enabled all the time for all
users and then append the output from each of their logins to monitor when
they change (add or delete) the accounts on their host, as in running:

listuser.bat uncpath\accounts\%computername%\userlist.txt

( does an overwrite, does an append).
  #6  
Old April 28th 10, 06:25 AM posted to microsoft.public.windowsxp.security_admin
John Wunderlich
external usenet poster
 
Posts: 1,466
Default Local list of users

=?Utf-8?B?QktpZGRv?= wrote in
:

Suppose you have 100 Windows XP or 7 PCs, can you get a report
from the Domain Controller to know which local users are created
in each PC?


Suppose you have a file that contains the names of all 100 of your
XP computers named "computerlist.txt" (without the leading "\\").
Then you can bring up a command prompt window (start-Run-"cmd")
and enter the command:

for /f %i in (computerlist.txt) do addusers /d nul: \\%i

This will dump all the users and groups on each computer to the
console window. You might want to append-redirect () it to a file.
If you don't have it, the program "addusers.exe" came with an old
resource kit. Make sure it's in your path or specify the path in
the above command. Also, each computer must be powered up and
online to get it to respond to the query (obviously).

You might be able to get a copy of "addusers" he
http://download.microsoft.com/download/8/e/c/8ec3a7d8-05b4-440a-a71e-ca3ee25fe057/rktools.exe
or Google it.

HTH,
John
 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off






All times are GMT +1. The time now is 12:04 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.