Close Menu
    Facebook X (Twitter) Instagram
    Monday, June 23
    X (Twitter) LinkedIn
    All about Endpoint Management
    • Home
    All about Endpoint Management
    Home»SCCM 2007»how to get a report for Local Administrators Group membership

    how to get a report for Local Administrators Group membership

    Eswar KonetiBy Eswar KonetiSeptember 18, 12:33 pm3 Mins Read SCCM 2007 2,142 Views
    Share
    Facebook Twitter LinkedIn Reddit

    The below scripts works for only Win 2000 and XP not for other operating systems .Here are the simple steps that you can achive this(getting a report for local administrators).*******test it once before taking it to production*****************

    1.Go to the X:\smsinboxes\clifiles.src\hinv\sms_def.mof where X is SMS installed Drive,edit SMS_DEF.MOF file (If you have already edited it ,not changes are required .If you are doing it in SCCM environment for the first time, u can still do the same in SMS_DEF.MOF file.)

    2.At the very bottom ,Add these lines to the MOF file .

    //***********************************Local  admins***********************

       //#pragma namespace ("\\\\.\\root\\cimv2\\sms")

    [ SMS_Report     (TRUE),
      SMS_Group_Name ("LocalAdmins"),
      SMS_Class_ID   ("MICROSOFT|LocalAdmins|1.0")]

    class Win32_LocalAdmins : SMS_Class_Template
    {
        [SMS_Report(TRUE), key]     
         string   AccountName;
        [SMS_Report(TRUE), key]     
         string    GroupName;
    };

    3.Keep monitoring the dataldr.log file and u can see the changes that have been done, given below for your reference: SMS_DEF.Mof change detected
    Connected to SQL; waiting for Hinv action ID...
    Done with wait for Hinv action ID.
    Start of cimv2\sms-to-policy conversion
    Resetting SMS_Report qualifier to FALSE on all classes and properties in cimv2\sms namespace
    Running MOFCOMP on D:\SMS\inboxes\clifiles.src\hinv\sms_def.mof
    MOF backed up to D:\SMS\data\hinvarchive\sms_def.mof.bak
    End of cimv2\sms-to-policy conversion; returning 0x0 .
    4.Create a folder on your media Drivewhich can used to source folder for package creation.

    5.Create a MOF file and add the below lines into the file and save it as LocalAdmin.MOF  in the folder that you have created

    // Local Administrators
    // Requires Localadmins.MOF to be compile
    #pragma namespace ("\\\\.\\root\\cimv2")

     [union, ViewSources{"Select * from Win32_GroupUser where GroupComponent=\"Win32_Group.Domain='BUILTIN',Name='Administrators'\""},
     ViewSpaces{"
    \\\\.\\root\\CIMV2"}, Dynamic : ToInstance, provider("MS_VIEW_INSTANCE_PROVIDER")]
     
     class Win32_LocalAdmins
     {
      [PropertySources("PartComponent"), key]  Win32_Account ref AccountName;
      [PropertySources("GroupComponent"), key] Win32_Group ref   GroupName;
     };

    6.Crete a New package(ex:Local Admins) with the created folder as source files

    7.Create program with a command Line MOFCOMP.EXE LocalAdmin.MOF

    8.Create a advertisement and advertise it onto the collection (as per the needs).

    9.Move onto the reporting node and create a report with the following Query:

    select distinct Name0 as 'Computer Name', substring(AccountName0,charindex('Domain=',Accountname0)+8,(charindex('Name=',Accountname0)-charindex('Domain=',Accountname0)-10)) as 'Domain Name', substring(AccountName0,len(AccountName0)-charindex('"',reverse(AccountName0),2)+2,charindex('"',reverse(AccountName0),2)-2) as 'User Name'
    from v_GS_SYSTEM INNER JOIN v_GS_LocalAdmins ON v_GS_SYSTEM.ResourceID = v_GS_LocalAdmins.ResourceID where (AccountName0 not like '%Administrator%' AND AccountName0 not like '%Domain Admins%')

    If your orgamization has admin groups like admin or xxxxxx ,you can add few more lines to the above code like  AccountName0 not like '%Admin%' .Just wait until computers ran the localadmin.MOF file and sends hinv to the siteserver. more information about this can be found here

    Key difference between SMS_DEF.MOF and Configuration.mof file:

    SMS 2003 has ONE MOF file, the SMS_DEF.MOF. This file contains both the data provider MOF's and the reporting MOF's as well handling registering new provider types.

     SCCM 2007 has TWO MOF files, the CONFIGURATION.MOF and SMS_DEF.MOF. The CONFIGURATION.MOF contains the data providers and the SMS_DEF.MOF contains the reporting MOF's. For more information look at here

    configmgr report how to get a report for Local Administrators Group membership.group membership report local admin report local admin report based on group memvership sccm report SCCM report for local admins
    Share. Twitter LinkedIn Email Facebook Reddit

    Related Posts

    Monitoring Endpoint Security Applications with SCCM ConfigMgr SQL

    October 11, 8:48 pm

    SCCM report list collections with no deployments

    December 05, 12:04 pm

    How to migrate standalone MBAM to SCCM for bitlocker

    November 10, 2:32 pm

    3 Comments

    1. peterbartnetta1 on December 13, 2017 2:07 AM

      Scripting is good for small tasks, but enumerating an AD domain which can contain dozens of sites and thousands of workstations is not a straightforward task.

      For such complex tasks I always recommend IT admins to use solutions from third-party vendors - such vendors spend a lot of resources to maintain their software in actual and error-free state so IT admins can be sure that they really getting the full list of local admins (not just a subset from a certain percent of their workstations).

      One of the products which can help IT admins to get list of all local administrators from all their desktops is Action1 Endpoint Security Platform developed by our company - check this out.

      ---
      Peter Barnett
      http://www.action1.com
      Endpoint Security Platform

      Reply
    2. Naresh Gokara on November 26, 2016 12:04 PM

      Hello, I have a similar requirement for SCCM 2007, but need this local admins info from all the latest Operating Systems. Could you please help me in achieving this. Thank you in advance.

      Reply
      • Eswar Koneti on November 28, 2016 1:26 AM

        What do you mean by latest operating systems ? havent tried this method on windows 7 and windows 10 but you can give a try and post comments.
        I will try to test in my lab to see how it works.

        Regards,
        Eswar

        Reply

    Leave a ReplyCancel reply

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    Sign Up

    Get email notifications for new posts.

    Author

    I’m Eswar Koneti ,a tech enthusiast, security advocate, and your guide to Microsoft Intune and Modern Device Management. My goal? To turn complex tech into actionable insights for a streamlined management experience. Let’s navigate this journey together!

    Support

    Awards

    Archives

    © Copyright 2009-2024 Eswar Koneti, All rights reserved.

    Type above and press Enter to search. Press Esc to cancel.