Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

How to extract who has admin right on their PC

Created: 11 Jul 2013 | 10 comments

I need to run the report find out who has domain admin right on their local PC,

where is the table for this info.

can someone help me on this?

Thanks

Lillian

Operating Systems:

Comments 10 CommentsJump to latest comment

etk1131's picture

Using the query builder, I created a report that has a base resource type of Computer.  I added the [Admin Group Members].[Member Name] field to it.  I used a list of filter expressions to remove Administrator, and other admin groups that should be there by default as part of our process (like the IT Department, Domain Admins, etc.).  When I run it, it gives me every machine, and who has admin rights to it.

You can also run the canned report - Reports/Discovery and Inventory/Inventory/Windows/Operating System/Count of Users with Admin Rights, which will give you the users that have admin rights and a number of systems on which they have admin rights on.  You can drill down into those to see what individual systems they have rights to.

EMercado's picture

The table is inv_ug_admin_group_members. Here is a sample query:

select
vc.Name
, vc.[OS Name]
, vc.[IP Address]
, ug.Domain + '\' + ug.[Member Name] as 'Local Admin'
from
vComputer vc
inner join Inv_UG_Admin_Group_Members ug
on vc.Guid = ug._ResourceGuid

llian's picture

This is perfect, thanks you so much for the help

Lillian

huseinm's picture

How do we filter out the Member Name. I was trying to remove Domain Admins for example and did

select
vc.Name
, vc.[OS Name]
, vc.[IP Address]
, ug.Domain + '\' + ug.[Member Name] as 'Local Admin'
from
vComputer vc
inner join Inv_UG_Admin_Group_Mem
WHERE
'Member Name' NOT LIKE '%Domain Admins%'

But this did not work. Am I missing something?

EMercado's picture

Try

WHERE
ug.[Member Name] NOT LIKE '%Domain Admins%'

huseinm's picture

Thanks EMercado, that works.

I am trying an OR statement which does not seem to work. What am I doing wrong?

WHERE
ug.[Member Name] NOT LIKE '%administrator%'
OR ug.[Member Name] NOT LIKE '%Domain Admins%'
The Gaffer's picture

I am sure you have figured it out by now, but that should be AND rather than OR.

The statement that you have written can never be false (unless there is a member with a name like 'Domain Admins administrator' in the table).

huseinm's picture

Actually had used Excel to filter out results, but thanks!

AND did the trick.

Sally5432's picture

2nd post here works for me

https://www-secure.symantec.com/connect/forums/local-admin-rights

---
Don't forget to mark posts as helpful if they are, and mark answers as solutions.

lakeith.collins's picture

Digging this topic back out - the mentioned table does not have any of my domain users listed, which I know for a fact is incorrect. What am I missing? I've tried everything.

I switched over to SQL and ran a query to join INV_UG_User_Account_Windodws, where the Priviliges colums = 2 (This was a guess, for admins, based off the data I got returned).

But it doesnt have all the data either. My personal account, on this laptop, is an admin. It isnt reported however.