how to get a report for Local Administrators Group membership

The below scripts works for only Win 2000 and XP not for other operating systems .Here are the simple steps that you can achive this(getting a report for local administrators).*******test it once before taking it to production*****************

1.Go to the X:\smsinboxes\clifiles.src\hinv\sms_def.mof where X is SMS installed Drive,edit SMS_DEF.MOF file (If you have already edited it ,not changes are required .If you are doing it in SCCM environment for the first time, u can still do the same in SMS_DEF.MOF file.)

2.At the very bottom ,Add these lines to the MOF file .

//***********************************Local  admins***********************

   //#pragma namespace ("\\\\.\\root\\cimv2\\sms")

[ SMS_Report     (TRUE),
  SMS_Group_Name ("LocalAdmins"),
  SMS_Class_ID   ("MICROSOFT|LocalAdmins|1.0")]

class Win32_LocalAdmins : SMS_Class_Template
    [SMS_Report(TRUE), key]     
     string   AccountName;
    [SMS_Report(TRUE), key]     
     string    GroupName;

3.Keep monitoring the dataldr.log file and u can see the changes that have been done, given below for your reference: SMS_DEF.Mof change detected
Connected to SQL; waiting for Hinv action ID...
Done with wait for Hinv action ID.
Start of cimv2\sms-to-policy conversion
Resetting SMS_Report qualifier to FALSE on all classes and properties in cimv2\sms namespace
Running MOFCOMP on D:\SMS\inboxes\clifiles.src\hinv\sms_def.mof
MOF backed up to D:\SMS\data\hinvarchive\sms_def.mof.bak
End of cimv2\sms-to-policy conversion; returning 0x0 .
4.Create a folder on your media Drivewhich can used to source folder for package creation.

5.Create a MOF file and add the below lines into the file and save it as LocalAdmin.MOF  in the folder that you have created

// Local Administrators
// Requires Localadmins.MOF to be compile
#pragma namespace ("\\\\.\\root\\cimv2")

 [union, ViewSources{"Select * from Win32_GroupUser where GroupComponent=\"Win32_Group.Domain='BUILTIN',Name='Administrators'\""},
\\\\.\\root\\CIMV2"}, Dynamic : ToInstance, provider("MS_VIEW_INSTANCE_PROVIDER")]
 class Win32_LocalAdmins
  [PropertySources("PartComponent"), key]  Win32_Account ref AccountName;
  [PropertySources("GroupComponent"), key] Win32_Group ref   GroupName;

6.Crete a New package(ex:Local Admins) with the created folder as source files

7.Create program with a command Line MOFCOMP.EXE LocalAdmin.MOF

8.Create a advertisement and advertise it onto the collection (as per the needs).

9.Move onto the reporting node and create a report with the following Query:

select distinct Name0 as 'Computer Name', substring(AccountName0,charindex('Domain=',Accountname0)+8,(charindex('Name=',Accountname0)-charindex('Domain=',Accountname0)-10)) as 'Domain Name', substring(AccountName0,len(AccountName0)-charindex('"',reverse(AccountName0),2)+2,charindex('"',reverse(AccountName0),2)-2) as 'User Name'
from v_GS_SYSTEM INNER JOIN v_GS_LocalAdmins ON v_GS_SYSTEM.ResourceID = v_GS_LocalAdmins.ResourceID where (AccountName0 not like '%Administrator%' AND AccountName0 not like '%Domain Admins%')

If your orgamization has admin groups like admin or xxxxxx ,you can add few more lines to the above code like  AccountName0 not like '%Admin%' .Just wait until computers ran the localadmin.MOF file and sends hinv to the siteserver. more information about this can be found here

Key difference between SMS_DEF.MOF and Configuration.mof file:

SMS 2003 has ONE MOF file, the SMS_DEF.MOF. This file contains both the data provider MOF's and the reporting MOF's as well handling registering new provider types.

 SCCM 2007 has TWO MOF files, the CONFIGURATION.MOF and SMS_DEF.MOF. The CONFIGURATION.MOF contains the data providers and the SMS_DEF.MOF contains the reporting MOF's. For more information look at here

3 Responses to "how to get a report for Local Administrators Group membership"

  1. Scripting is good for small tasks, but enumerating an AD domain which can contain dozens of sites and thousands of workstations is not a straightforward task.

    For such complex tasks I always recommend IT admins to use solutions from third-party vendors - such vendors spend a lot of resources to maintain their software in actual and error-free state so IT admins can be sure that they really getting the full list of local admins (not just a subset from a certain percent of their workstations).

    One of the products which can help IT admins to get list of all local administrators from all their desktops is Action1 Endpoint Security Platform developed by our company - check this out.

    Peter Barnett
    Endpoint Security Platform

  2. Hello, I have a similar requirement for SCCM 2007, but need this local admins info from all the latest Operating Systems. Could you please help me in achieving this. Thank you in advance.

    1. What do you mean by latest operating systems ? havent tried this method on windows 7 and windows 10 but you can give a try and post comments.
      I will try to test in my lab to see how it works.



Leave a Reply