Hi,
I need to get a list of all people in the company who have local admin rights on their computers. We have a group on each machine called "Administrators." I can get a list of all computers from Active Directory with:
import active_directory
# Print the display name of every computer object in the domain
for computer in active_directory.search ("objectCategory='Computer'"):
    print computer.displayName
Now I think I need to take each computer name and feed it back in. I was thinking maybe reading the remote registry on each computer and looking for the SID -- supposedly the SID 'S-1-5-domain-500' will give me a list of people on the computer that are local admins. I did:
import _winreg
COMPUTER_NAME = "FakeComputerName"
KEY_PATH = r"System\CurrentControlSet\Control\ComputerName\ComputerName"
HKLM_remote = _winreg.ConnectRegistry (r"\\%s" % COMPUTER_NAME, _winreg.HKEY_LOCAL_MACHINE)
hKeyRemote = _winreg.OpenKey (HKLM_remote, KEY_PATH, 0, _winreg.KEY_READ)
value, type = _winreg.QueryValueEx (hKeyRemote, "ComputerName")
print "Remote computer name is", value
Remote computer name is FakeComputerName
How do I combine these to get what I need? Will these work together? Is this the best way to go about this? Once I get this to work I can figure out writing it to a file and adding exceptions like if the computer isn't on the network it writes that and then moves on to the next PC. Perhaps use win32security?
I don't know what registry key to use or even if it will work. I've spent about 5 hours on this today and I am still learning Python. I don't know VB and that is the majority of code I see on the net.
Thanks!
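
An added example, not part of the original post: one way to audit members of the local "Administrators" group per computer and record unreachable machines instead of stopping. It is written for Python 3 and assumes pywin32 plus admin rights on the targets, and it uses win32net.NetLocalGroupGetMembers rather than the remote registry; the helper names, host names and accounts are constructed for illustration.

```python
import csv
import io

GROUP = "Administrators"  # local group name given in the post


def win32_members(computer, group=GROUP):
    """Return 'DOMAIN\\name' for each member of a local group on a remote PC."""
    import win32net  # assumption: pywin32 installed; imported lazily
    names, resume = [], 0
    while True:
        # Level 2 entries are dicts with 'sid', 'sidusage', 'domainandname'
        data, _total, resume = win32net.NetLocalGroupGetMembers(
            r"\\" + computer, group, 2, resume)
        names.extend(entry["domainandname"] for entry in data)
        if not resume:
            return names


def audit_local_admins(computers, get_members=win32_members):
    """Yield (computer, member, status); an unreachable PC gets one error row."""
    for computer in computers:
        try:
            members = get_members(computer)
        except Exception as exc:  # e.g. pywintypes.error: offline or denied
            yield computer, "", "ERROR: %s" % exc
            continue
        for member in members:
            yield computer, member, "ok"


def report_csv(rows):
    """Render audit rows as CSV text, ready to be written to a file."""
    out = io.StringIO()
    writer = csv.writer(out)
    writer.writerow(["computer", "member", "status"])
    writer.writerows(rows)
    return out.getvalue()


# Constructed sample data standing in for real machines (runs offline).
SAMPLE = {"PC-001": [r"PC-001\Administrator", r"EXAMPLE\Domain Admins"],
          "PC-002": [r"PC-002\Administrator", r"EXAMPLE\jsmith"]}


def fake_members(computer):
    """Hypothetical stand-in for win32_members, used for the offline demo."""
    if computer not in SAMPLE:
        raise OSError("network path not found")
    return SAMPLE[computer]
```

On a domain-joined Windows machine, pass the computer names from the Active Directory search to audit_local_admins and leave get_members at its default.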