@ADMIN doesn't work? - KiXtart.org

You are not logged in. [Log In] KiXtart.org website » Forums » KiXtart » Advanced Scripting » @ADMIN doesn't work?

Page 1 of 2

Topic Options

#76512 - 2003-08-28 06:16 PM @ADMIN doesn't work?
RCKJr RCKJr Fresh Scripter Registered: 2002-06-07 Posts: 6 Loc: Upton, MA	We have workstations here that did not include Domain Users in the local Administrators group. Now we went and globally added the group. But we are finding hundreds of machines still that when they logon @PRIV = "USER" instead of "ADMIN". Even when we add that group manually and watch a user logon, @PRIV still does not equal "ADMIN". Even stranger, now that this @PRIV check was added to the logon scripts, we've found that sometimes some of the Domain Admins get @PRIV = "USER". I was wondering if anyone else has had this problem, and what did you do to fix it?
Top

#76513 - 2003-08-28 06:38 PM Re: @ADMIN doesn't work?
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	Please do not post to the scripts forum unless you also include a scipt. _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#76514 - 2003-08-28 06:51 PM Re: @ADMIN doesn't work?
Radimus Radimus Moderator Registered: 2000-01-06 Posts: 5187 Loc: Tampa, FL	the @priv macro is typically denotes NETWORK permissions, not local machine permissions. what version of kix are you using? _________________________ How to ask questions the smart way <-----------> Before you ask
Top

#76515 - 2003-08-28 07:31 PM Re: @ADMIN doesn't work?
RCKJr RCKJr Fresh Scripter Registered: 2002-06-07 Posts: 6 Loc: Upton, MA	IF @PRIV = "ADMIN" yada.... ELSE ; sends an email, so we know what machines do ; not "DOMAIN\Domain Users" as a member of their ; local Administrators group yada.... ENDIF We have numerous emails that were sent from machines which we know have "DOMAIN\Domain Users" in the local Administrators group. Some of those email were sent while a Domain Admin was logging in, so the @PRIV = "ADMIN" check is clearly failing, or I'm not using it properly. We are running KiX v4.21. We've also tried IF INGROUP("\\" + @WKSTA + "\Administrators") > 0 but that seemed to not work either.
Top

#76516 - 2003-08-28 07:42 PM Re: @ADMIN doesn't work?
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	which OS the domain admins were logging into? _________________________ ! download KiXnet
Top

#76517 - 2003-08-28 09:59 PM Re: @ADMIN doesn't work?
kholm kholm Korg Regular Registered: 2000-06-19 Posts: 714 Loc: Randers, Denmark	The @Priv macro only works for current user. If you want to check if the group 'Domain Users' or another User/Group are member of the Local administrators group, you can use this code: code: If IsLocalAdmin('Domain Users') 'Yes is local admin' Else 'No is NOT local admin' EndIf ? Get $x Function IsLocalAdmin($UserOrGroup) $oGroup = GetObject("WinNT://./Administrators,group") $oChk = GetObject("WinNT://" + @Domain + "/" + $UserOrGroup) If VarTypeName($oChk) = "Object" If $oGroup.IsMember($oChk.adspath) $IsLocalAdmin = 1 EndIf EndIf EndFunction -Erik ps. This wil only work if your workstations are W2k or newer, or if you install WMIcore
Top

#76518 - 2003-08-28 10:02 PM Re: @ADMIN doesn't work?
Kdyer Kdyer KiX Supporter Registered: 2001-01-03 Posts: 6241 Loc: Tigard, OR	Rad has a different take on this - Best Practices and Methods Kent _________________________ Utilize these resources: UDFs (Full List) KiXtart FAQ & How to's
Top

#76519 - 2003-08-28 10:23 PM Re: @ADMIN doesn't work?
kholm kholm Korg Regular Registered: 2000-06-19 Posts: 714 Loc: Randers, Denmark	Kent The small difference: Rad, posted an explanation I posted a possible solution -Erik
Top

#76520 - 2003-08-28 10:31 PM Re: @ADMIN doesn't work?
kholm kholm Korg Regular Registered: 2000-06-19 Posts: 714 Loc: Randers, Denmark	Sorry Kent, I'm sure you haden't seen my post. We are very close in posting time -Erik
Top

#76521 - 2003-08-28 10:32 PM Re: @ADMIN doesn't work?
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	I think it was more as a workaround than solution. he is looking for a way to determine the current user. anyway, what comes to localadmin, check our udf-lib: LocalAdmin() - checks for membership of local admin group all it needs is one liner by the one-liner-genious _________________________ ! download KiXnet
Top

#76522 - 2003-08-29 12:20 AM Re: @ADMIN doesn't work?
kholm kholm Korg Regular Registered: 2000-06-19 Posts: 714 Loc: Randers, Denmark	Lonk, '\\@Domain\@UserID' Is NOT a local admin But: '\\@Domain\Domain Users' Are local admins. Dos your one-liner solve this ? -Erik
Top

#76523 - 2003-08-29 01:07 AM Re: @ADMIN doesn't work?
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	my localadmin does not solve anything. it just checks wether the current user is in local administrators group. in local wksta's local admin group. \\wksta\administrators that is. but, as a matter of fact, haven't tested it I rarely test my scripts but nobody has said that it wouldn't have worked _________________________ ! download KiXnet
Top

#76524 - 2003-08-29 01:26 AM

Re: @ADMIN doesn't work?

kholm

Korg Regular

Registered: 2000-06-19
Posts: 714
Loc: Randers, Denmark

Lonk,

The language independant idea is great:
- The SidToName() part

So if my original code should work worldwide (All contries, also Suomi) it would be:

code:

If IsLocalAdmin('Domain Users')
	'Yes is local admin'
Else
	'No is NOT local admin'
EndIf
 
? Get $x
 
Function IsLocalAdmin($UserOrGroup)

	$oGroup = GetObject("WinNT://./SidToName('S-1-5-32-544'),group")
	$oChk = GetObject("WinNT://" + @Domain + "/" + $UserOrGroup)
	If VarTypeName($oChk) = "Object"
		If $oGroup.IsMember($oChk.adspath)
			$IsLocalAdmin = 1
		EndIf
	EndIf

EndFunction

-Erik

[ 29. August 2003, 01:37: Message edited by: kholm ]

Top

#76525 - 2003-08-29 01:37 AM Re: @ADMIN doesn't work?
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	Erik, It doesn't work for me. I am a member of @Domain\Domain Admins and @Domain\Domain Admins is a member of @WKSTA\Administrators but yet you code says 'No is NOT local admin'. _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#76526 - 2003-08-29 03:02 AM Re: @ADMIN doesn't work?
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	les, does mine work? does it? yeah... say it works, please! _________________________ ! download KiXnet
Top

#76527 - 2003-08-29 03:13 AM Re: @ADMIN doesn't work?
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	Yes J'Lo, your UDF works great! _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#76528 - 2003-08-29 03:16 AM Re: @ADMIN doesn't work?
Radimus Radimus Moderator Registered: 2000-01-06 Posts: 5187 Loc: Tampa, FL	the one liner is sufficient, witout it needing to be a function $admin = ingroup('@wksta\'+sidtoname('S-1-5-32-544'))-1+@INWIN _________________________ How to ask questions the smart way <-----------> Before you ask
Top

#76529 - 2003-08-29 03:18 AM Re: @ADMIN doesn't work?
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	ja, that way you don't need to confess that there is author to the innovation _________________________ ! download KiXnet
Top

#76530 - 2003-08-29 03:40 AM Re: @ADMIN doesn't work?
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	erik, think you have minor typo: $oGroup = GetObject("WinNT://./SidToName('S-1-5-32-544'),group") shouldn't it be: $oGroup = GetObject("WinNT://./"+SidToName('S-1-5-32-544')+",group") _________________________ ! download KiXnet
Top

#76531 - 2003-08-29 09:57 AM Re: @ADMIN doesn't work?
NTDOC NTDOC Administrator Registered: 2000-07-28 Posts: 11629 Loc: CA	Erik Have not tested your code or Lonks update of your code, but... If IsLocalAdmin('Domain Users') Since you use an ENGLISH name, I doubt that could be used World Wide. The 'Domain Users' I'm sure is different in different languages. Maybe TranslateName() could also be used for International usage or Howards Win32Admin DLL {edit - On second thought I don't think either would address that particular issue } http://www.kixtart.org/board/ultimatebb.php?ubb=get_topic;f=12;t=000178 Were rather lucky I guess. We have 1,000s of users around the Globe, but "most" use the English version of Windows so I don't have to deal with the Multi Language issue that much. [ 29. August 2003, 10:01: Message edited by: NTDOC ]
Top

Page 1 of 2

Previous Topic View All Topics

Index Next Topic

Moderator: Glenn Barnas, NTDOC, Arend_, Jochen, Radimus, Allen, ShaneEP, Ruud van Velsen, Mart

Hop to:

Shout Box

Search the board with:
superb Board Search
or try with google:

	Web kixtart.org