#137699 - 2005-04-12 01:43 AM localadmin permissions for remote execution
ipeter Offline
Lurker

Registered: 2004-04-27
Posts: 3
Hi, I needed to find out whether I have sufficient permissions for remote
execution, so I have slightly modified the LocalAdmin function from
http://www.kixtart.org/ubbthreads/showfl...3&o=all&fpart=1
to this (but until now I have tried it only on the local PC):

Function LocalAdmin(optional $sComputer)
    ; Ensure $sComputer has "\\computername\" format if it is specified
    If $sComputer <> ''
        $sComputer = '\\' + Join(Split($sComputer,'\'),'',3) + '\'
    EndIf
    $LocalAdmin=ingroup($sComputer + sidtoname('S-1-5-32-544')) - 1 + @inwin
EndFunction


By testing I have found some unwanted effects (features...)

$RemotePC = @wksta
?InGroup($RemotePC + '\' + SidToName('S-1-5-32-544')) - 1 + @InWin
; got 1

$RemotePC = '\\' + @wksta
?InGroup($RemotePC + '\' + SidToName('S-1-5-32-544')) - 1 + @InWin
; got 1

$RemotePC = 'localhost'
?InGroup($RemotePC + '\' + SidToName('S-1-5-32-544')) - 1 + @InWin
; got 0

$RemotePC = '\\localhost'
?InGroup($RemotePC + '\' + SidToName('S-1-5-32-544')) - 1 + @InWin
; got 0

$RemotePC = '127.0.0.1'
?InGroup($RemotePC + '\' + SidToName('S-1-5-32-544')) - 1 + @InWin
; got 0

$RemotePC = '\\127.0.0.1'
?InGroup($RemotePC + '\' + SidToName('S-1-5-32-544')) - 1 + @InWin
; got 1


What I don't understand is the syntax - it seems from the previous sample
that @wksta and '\\' + @wksta are equivalent. Is that correct?

And I have never tried this before, but it seems that MS implemented TCP/IP
in a very interesting way - the services used don't know localhost. If you try
'start \\localhost' you get:
"You were not connected because a duplicate name exists on the network. Go to
System in Control Panel to change computer name and try again."

#137700 - 2005-04-12 05:03 AM Re: localadmin permissions for remote execution
Radimus Moderator Offline
Moderator
*****

Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
Your code will not work reliably.
The @inwin resolves on the PC running the code, not the remote PC.
The same goes for sidtoname: on 'your' PC, not the remote one.

What you want to know is: do you have privileges on the remote PC?

There are several methods:
you can try to access the admin$ share of the target,
or there is this UDF:
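Code:

; Direct members only: nested groups are listed by group name
$BasicList = GroupMembers(@wksta + '/' + 'Administrators')
; Second argument set: nested groups are expanded one level into their members
$FullList = GroupMembers(@wksta + '/' + 'Administrators',1)

for each $item in $BasicList
    ? $item
next
?
for each $item in $FullList
    ? $item
next

; Returns an array of member names of the group at WinNT://$target
; ($target is 'computer/group'; the lookup is done against that computer)
Function GroupMembers($target, optional $full)
    DIM $group, $member, $name, $temp

    $group = GetObject('WinNT://' + $target)
    for each $member in $group.members
        select
            case $member.class = "user"
                $temp = $temp +chr(13)+ $member.name
            case $member.class = "group"
                if $full
                    ; expand the nested group into its own members
                    for each $name in $member.members
                        $temp = $temp +chr(13)+ $name.name
                    next
                else
                    $temp = $temp +chr(13)+ $member.name
                endif
        endselect
    next
    ; drop the leading chr(13) separator before splitting into an array
    $GroupMembers = split(substr($temp,2),chr(13))
EndFunction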


_________________________
How to ask questions the smart way <-----------> Before you ask
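
The admin$ check mentioned in the reply above, as an added example that is not part of the original posts. RemoteAdmin is a hypothetical helper name, and the probe assumes the target still has its default admin$ share (mapped to %SystemRoot% and restricted to administrators of that machine). A result of 0 also covers an unreachable host or a disabled share, so it means "no usable admin access", not specifically "not an administrator".

```kixtart
; Added example: test admin rights ON THE TARGET by opening its admin$ share.
; Unlike InGroup/@InWin/SidToName, the access check here is made by the
; remote machine against the credentials the script is running under.

; The name forms tried in the first post, plus the default (no argument)
$aTargets = @WKSTA, '\\' + @WKSTA, 'localhost', '\\127.0.0.1', ''

For Each $sTarget In $aTargets
    ? 'RemoteAdmin("' + $sTarget + '") = ' + RemoteAdmin($sTarget)
Next

; RemoteAdmin (hypothetical name): returns 1 if \\computer\admin$ can be
; read with the current credentials, otherwise 0.
Function RemoteAdmin(optional $sComputer)
    Dim $sName

    ; Accept 'PC1', '\\PC1' and '\\PC1\' alike by dropping all backslashes
    If $sComputer <> ''
        $sName = Join(Split($sComputer, '\'), '')
    EndIf

    ; No name given: probe the local workstation
    If $sName = ''
        $sName = @WKSTA
    EndIf

    ; admin$ points at %SystemRoot% on the target, so system32 must exist
    ; below it; probing a subfolder avoids testing the bare share root
    If Exist('\\' + $sName + '\admin$\system32')
        $RemoteAdmin = 1
    Else
        $RemoteAdmin = 0
    EndIf
EndFunction
```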
