Posted: Wed Apr 15, 2009 8:46 am Post subject: Mbsa
Is there a MBSA equivalent tool available (preferably freeware) for checking the patch levels of Windows servers?
Also, is there is a command-line or script available which can generate a report of all accounts with administrator equivalent privileges in Windows 2003/2000 AD setup, with added information on which machine the id resides., etc?
We have a AD domain setup, wherein we restrict administrative access to member servers by adding users to a security group and that security group is inturn added to "Local Admins" groups of the member server. That way, users are not added directly to the Local Admins groups of the member servers. However, we need to counter check this...as there have been instance where users accounts are added directly to the Local Admins group. Since we have a setup with more than 5000 Windows server, wondering if there are any scripts which automates this process.
Joined: 25 Aug 2004 Posts: 67 Location: San Francisco, California
Posted: Wed Apr 15, 2009 6:49 pm Post subject:
DSMOD, specifically dsquery can get just about any information like that from LDAP. I can't give you the syntax as my domain is 2k functional level and DSMOD requires 2003 functional level, but you should be able to google the syntax easily.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum