
Script to delete local user accounts?



Guest jdbst56@gmail.com
Posted

We're running XP Professional with SP2. Is there a script (VB, WSH, etc.) that could be used to delete all local accounts on the machine except for the built-in Windows accounts (as well as any ASP.NET accounts) and the account of the user who is currently logged in? I know that I could figure out the account of the currently logged-in user by using the %username% environment variable. I was thinking of the Addusers.exe utility in the Server Resource Kit, but I'm not sure that it will work for my needs. What we're trying to eliminate is any users who may have created local "back door" accounts while they were administrators of their PCs. We're about to take these rights away but we want to ensure there is no way they can circumvent the process by simply using a separate local account to log in with full rights. Suggestions?

 

Thanks!

Guest Cricketlang
Posted

RE: Script to delete local user accounts?

 

The link below is for a sample application that should provide a little help identifying if you have any hidden accounts.

 

Sample App Download:

http://msdn.microsoft.com/en-us/library/aa231719(VS.60).aspx

 

Or if you have sufficient computer knowledge and are able to work the registry:

 

1. Enable Windows to show hidden system files.

2. Open regedit from the run utility (Start, Run, type "regedit").

3. Navigate to the following value:

HKEY\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\SpecialAccounts\Userlist

4. Look to see if there is any DWORD value there that could be a possible user account (its value will be set to 0).

5. Delete any values (accounts) you don't like.

6. Test it out and then tell me how it works out for you.
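As an added example (not part of the post above), the following Python script does the check from steps 3 and 4 offline: it parses the text of a Registry Editor or "reg export" dump of the UserList key and lists every account whose DWORD is 0, then reports the ones that are not on a baseline taken from a freshly built reference machine. The full key path used here is assumed to be the one the post abbreviates, and the export text and every account name in it are constructed for the example.

```python
"""List the accounts that the UserList registry key hides from the Welcome
screen and the User Accounts applet.

Added example: parses the text of a Registry Editor / "reg export" dump of
the key. The export text is constructed inline so the example runs offline;
a real .reg file is UTF-16LE with a byte-order mark, so open it with
encoding="utf-16".
"""
import re

# Assumed full path of the key the post refers to.
USERLIST_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
                r"\CurrentVersion\Winlogon\SpecialAccounts\UserList")

# Constructed sample export. A DWORD of 0 hides the named account; a non-zero
# value lists it explicitly. Every name here is made up for the example.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
"ASPNET"=dword:00000000
"HelpAssistant"=dword:00000000
"svc_backup"=dword:00000000
"Administrator"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts]
"""

# One value line of a .reg file: "name"=dword:xxxxxxxx (names may contain \" and \\).
_DWORD_LINE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=dword:(?P<hex>[0-9A-Fa-f]{8})$')


def _unescape(name):
    return name.replace('\\"', '"').replace("\\\\", "\\")


def userlist_entries(reg_text, key=USERLIST_KEY):
    """Return {account_name: dword_value} for the DWORD values under `key`."""
    entries = {}
    in_key = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # Registry key names compare case-insensitively.
            in_key = line[1:-1].lower() == key.lower()
            continue
        if not in_key:
            continue
        m = _DWORD_LINE.match(line)
        if m:
            entries[_unescape(m.group("name"))] = int(m.group("hex"), 16)
    return entries


def hidden_accounts(reg_text, key=USERLIST_KEY):
    """Names whose value is 0, i.e. accounts the logon UI will not show."""
    return sorted((n for n, v in userlist_entries(reg_text, key).items() if v == 0),
                  key=str.lower)


def unexpected_hidden(reg_text, baseline, key=USERLIST_KEY):
    """Hidden names that are not in `baseline`, the set of hidden entries a
    freshly built reference machine shows; these are the ones to review."""
    known = {b.lower() for b in baseline}
    return [n for n in hidden_accounts(reg_text, key) if n.lower() not in known]


if __name__ == "__main__":
    # Baseline from a reference build (here: the constructed sample's
    # framework and Remote Assistance entries).
    for name in unexpected_hidden(SAMPLE_REG, {"ASPNET", "HelpAssistant"}):
        print("hidden account not in baseline:", name)
```

Comparing against a baseline rather than treating every 0 entry as suspicious matters because installers legitimately add entries to this key; only the names that no reference machine has need a closer look, and step 5 then applies to those.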

Guest Richard Mueller [MVP]
Posted

Re: Script to delete local user accounts?

 

 

<jdbst56@gmail.com> wrote in message
news:bc4946b7-72b1-4a73-ab8a-8151a36064fa@e39g2000hsf.googlegroups.com...
> We're running XP Professional with SP2. Is there a script (VB, WSH,
> etc.) that could be used to delete all local accounts on the machine
> except for the built-in Windows accounts (as well as any ASP.NET
> accounts) and the account of the user who is currently logged in? I
> know that I could figure out the account of the currently logged-in
> user by using the %username% environment variable. I was thinking
> of the Addusers.exe utility in the Server Resource Kit, but I'm not
> sure that it will work for my needs. What we're trying to eliminate
> is any users who may have created local "back door" accounts while
> they were administrators of their PCs. We're about to take these
> rights away but we want to ensure there is no way they can circumvent
> the process by simply using a separate local account to log in with
> full rights. Suggestions?
>
> Thanks!

 

A VBScript program can easily enumerate all local accounts on a computer. The problem is how to tell which are built-in, which were created by apps, and which were created by users. It depends on the OS. Built-in accounts, like Administrator and Guest, should have the string "Built-in account" in the description, but this can be changed. To enumerate all local accounts:

==========
Option Explicit
Dim objNetwork, strComputer, objComputer, objUser

' NetBIOS name of the local computer.
Set objNetwork = CreateObject("Wscript.Network")
strComputer = objNetwork.ComputerName

' Bind to the computer with the WinNT provider and filter on user objects.
Set objComputer = GetObject("WinNT://" & strComputer)
objComputer.Filter = Array("user")

For Each objUser In objComputer
    Wscript.Echo objUser.Name & ", " & objUser.Description
Next
========

In the above you could delete any of the accounts by running the DeleteObject method of the user object. For example:

======
For Each objUser In objComputer
    ' Delete all users that don't have "built-in" included in description.
    ' InStr returns 0 when the substring is absent.
    If (InStr(LCase(objUser.Description), "built-in") = 0) Then
        objUser.DeleteObject 0
    End If
Next
======

At least I assume the DeleteObject method is supported by the WinNT provider for user objects. If not, you can use the Delete method of the container object:

======
For Each objUser In objComputer
    ' Delete all users that don't have "built-in" included in description.
    ' InStr returns 0 when the substring is absent.
    If (InStr(LCase(objUser.Description), "built-in") = 0) Then
        objComputer.Delete "user", objUser.Name
    End If
Next
======

In any case, the problem is determining which accounts not to delete. I would suggest, if you don't have too many computers, running a script that enumerates all users on all computers. The first script above can be run remotely on any computer by hard coding the NetBIOS name of the remote computer in the strComputer variable, for example (instead of retrieving the NetBIOS name of the local computer from the wshNetwork object). ADO can be used in a VBScript program to retrieve the sAMAccountName of all computers in the domain, and then in a loop you can enumerate the local users on each. For more on using ADO see this link:

 

http://www.rlmueller.net/ADOSearchTips.htm

 

For example:

==========
Option Explicit

Dim adoCommand, adoConnection, strBase, strFilter, strAttributes
Dim objRootDSE, strDNSDomain, strQuery, adoRecordset, strComputer
Dim objComputer, objUser

' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"

' Filter on computer objects.
strFilter = "(objectCategory=computer)"

' Comma delimited list of attribute values to retrieve.
strAttributes = "sAMAccountName"

' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

' Run the query.
Set adoRecordset = adoCommand.Execute

' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
    ' Retrieve NetBIOS name of computer.
    strComputer = adoRecordset.Fields("sAMAccountName").Value
    ' Remove trailing "$".
    strComputer = Left(strComputer, Len(strComputer) - 1)
    ' Bind to the computer object.
    ' Trap error if not available and skip to the next computer.
    On Error Resume Next
    Set objComputer = GetObject("WinNT://" & strComputer)
    If (Err.Number <> 0) Then
        Err.Clear
        On Error GoTo 0
        Wscript.Echo strComputer & " (Not Available)"
    Else
        On Error GoTo 0
        ' Filter on local user objects.
        objComputer.Filter = Array("user")
        ' Enumerate all local users.
        For Each objUser In objComputer
            Wscript.Echo strComputer & "," & objUser.Name _
                & "," & objUser.Description & "," & objUser.AccountDisabled
        Next
    End If
    adoRecordset.MoveNext
Loop

' Clean up.
adoRecordset.Close
adoConnection.Close
========

I added the AccountDisabled property method, which returns True if the account is disabled, False if it is not. The output can be redirected to a text file, which is comma delimited and can be read into a spreadsheet. I trapped the possible error if the remote computer is not available.

 

You could also indicate which accounts are direct members of the local Administrators group. A quick take on this would be to use this Do Until loop in place of the one above (note the additional variable):

========
Dim objGroup

Do Until adoRecordset.EOF
    ' Retrieve NetBIOS name of computer.
    strComputer = adoRecordset.Fields("sAMAccountName").Value
    ' Remove trailing "$".
    strComputer = Left(strComputer, Len(strComputer) - 1)
    ' Bind to the computer object.
    ' Trap error if not available and skip to the next computer.
    On Error Resume Next
    Set objComputer = GetObject("WinNT://" & strComputer)
    If (Err.Number <> 0) Then
        Err.Clear
        On Error GoTo 0
        Wscript.Echo strComputer & " (Not Available)"
    Else
        On Error GoTo 0
        ' Bind to the local Administrators group.
        Set objGroup = GetObject("WinNT://" & strComputer _
            & "/Administrators,group")
        ' Filter on local user objects.
        objComputer.Filter = Array("user")
        ' Enumerate all local users.
        For Each objUser In objComputer
            Wscript.Echo strComputer & "," & objUser.Name _
                & "," & objUser.Description & "," & objUser.AccountDisabled _
                & "," & objGroup.IsMember(objUser.AdsPath)
        Next
    End If
    adoRecordset.MoveNext
Loop
=======

After this you should be able to decide which accounts should be deleted. Note that you can do this remotely without visiting the computers (although you will need to note which computers were not available and repeat the process on them). You can also delete the accounts remotely. However, I assume an AD network and that users do not log in locally. Otherwise how do you decide who can log on locally? The first to try?

 

--

Richard Mueller

MVP Directory Services

Hilltop Lab - http://www.rlmueller.net

--
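As an added example (not Richard's code and not part of the thread), the following Python script does the triage step that the reply leaves to the reader: it reads the comma-delimited output of the enumeration loop above (the version with the Administrators membership column), applies the exclusions the original question asked for (built-in accounts, ASP.NET accounts, the currently logged-on user), and separates out the computers that were not available so they can be enumerated again. The list of built-in account names, the "(Not Available)" marker and the sample output lines are assumptions constructed for the example; it also treats an unknown account whose description merely says "built-in" as something to review rather than keep, which is the caveat the reply raises about descriptions being changeable.

```python
"""Triage the comma-delimited output of the enumeration script above.

The sample below is constructed for this example; the column order follows
the script's Wscript.Echo line:
    computer,name,description,AccountDisabled,IsMemberOfAdministrators
A line of the form "<computer> (Not Available)" is the script's own message
for a computer it could not bind to.
"""

# Accounts Windows XP Professional creates itself (assumed list; confirm it
# by running the enumeration script on a freshly installed reference machine).
BUILTIN_NAMES = {"administrator", "guest", "helpassistant", "support_388945a0"}

# Accounts created by installed frameworks that the poster wants to keep.
SERVICE_NAMES = {"aspnet"}

NOT_AVAILABLE = " (Not Available)"

# Constructed sample output from three computers.
SAMPLE = """\
PC01,Administrator,Built-in account for administering the computer/domain,False,True
PC01,Guest,Built-in account for guest access to the computer/domain,True,False
PC01,HelpAssistant,Account for Providing Remote Assistance,True,False
PC01,ASPNET,Account used for running the ASP.NET worker process,False,False
PC01,jsmith,,False,True
PC01,helpdesk2,Built-in account,False,True
PC02 (Not Available)
PC03,Administrator,Built-in account for administering the computer/domain,False,True
PC03,mjones,,False,False
"""


def parse_line(line):
    """Split one output line into a dict. Descriptions may contain commas,
    so only the first two and last two fields are taken positionally."""
    line = line.rstrip("\r\n")
    if line.endswith(NOT_AVAILABLE):
        return {"computer": line[: -len(NOT_AVAILABLE)], "unavailable": True}
    fields = line.split(",")
    if len(fields) < 5:
        raise ValueError("unexpected line: %r" % line)
    return {
        "computer": fields[0],
        "name": fields[1],
        "description": ",".join(fields[2:-2]),
        "disabled": fields[-2].strip().lower() == "true",
        "admin": fields[-1].strip().lower() == "true",
        "unavailable": False,
    }


def classify(rec, keep_users):
    """Return (action, reason) for one parsed record.

    action is "keep", "review" (candidate for deletion) or "retry" (the
    computer was unreachable and must be enumerated again)."""
    if rec["unavailable"]:
        return "retry", "computer not available during enumeration"
    name = rec["name"].lower()
    desc = rec["description"].lower()
    if name in keep_users:
        return "keep", "allow-listed user (e.g. the currently logged-on user)"
    if name in SERVICE_NAMES:
        return "keep", "framework service account"
    if name in BUILTIN_NAMES:
        return "keep", "built-in Windows account"
    if "built-in" in desc:
        # The description is free text and can be edited, so a "built-in"
        # description on an unknown name is a reason to look closer, not
        # a reason to skip the account.
        return "review", "description claims built-in but name is not a known built-in account"
    return "review", "local administrator account" if rec["admin"] else "local account"


def audit(text, keep_users=()):
    """Classify every non-empty line of the script output."""
    keep = {u.lower() for u in keep_users}
    results = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        action, reason = classify(rec, keep)
        rec.update(action=action, reason=reason)
        results.append(rec)
    return results


def deletion_candidates(text, keep_users=()):
    """(computer, name, is_admin) for every account marked for review,
    administrators first so they are dealt with before rights are removed."""
    rows = [(r["computer"], r["name"], r["admin"])
            for r in audit(text, keep_users) if r["action"] == "review"]
    return sorted(rows, key=lambda r: (not r[2], r[0], r[1]))


def unreachable(text):
    """Computers that must be enumerated again."""
    return [r["computer"] for r in audit(text) if r["action"] == "retry"]


if __name__ == "__main__":
    for r in audit(SAMPLE, keep_users={"jsmith"}):
        print(r["computer"], r.get("name", "-"), r["action"], "-", r["reason"])
```

The script only produces a review list; the deletion itself stays with the VBScript loops above, run against the names that survive a human look at the list, since the description heuristic alone cannot distinguish a renamed back-door account from a built-in one.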

