Login script

You can also check for the current logged-on user group membership:

C:\> WHOAMI /GROUPS | find /i "BUILTIN\Administrators"


This is the result on my computer:

[Group 3] = "BUILTIN\Administrators"


---
Shay Levi
$cript Fanatic
http://scriptolog.blogspot.com

> Adding to Pegasus... you can check the %LogonServer% value. If the
> value equels the local computer name then the user is logged-on
> locally.
>
> ---
> Shay Levi
> $cript Fanatic
> http://scriptolog.blogspot.com
>> Hi
>>
>> Does anyone know or have a script that will send me an email when a
>> user
>> logs into a WinXP computer with LOCAL ADMIN credentials (not with
>> domain
>> credentials)?
>> We're assuming that some of our company users know local admin
>> password, so
>> we want to know if someone tries or logs into his computer like local
>> admin?
>> Is this possible, or how can this be done?
>> Thank you in advance !
>> Regards,
>> Miha

Howdie!

Miha schrieb:
> Does anyone know or have a script that will send me an email when a user
> logs into a WinXP computer with LOCAL ADMIN credentials (not with domain
> credentials)?
> We're assuming that some of our company users know local admin password,
> so we want to know if someone tries or logs into his computer like local
> admin? Is this possible, or how can this be done?

Not a ready-to-go script but what you basically need is the ifmember.exe
from the Resource Kit (iirc) and some command line mailing program like
blat (which is free). If I'm correct, blat doesn't need to be installed
and can be called off a network share. You need to explore yourself.

I guess that script can be done with a few lines of batch.

cheers,

Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Use a newsreader! http://www.frickelsoft.net/news.html

"Miha" <miha.bernik.TakeThisOut@email.si> wrote in message
news:9A73E8CF-5187-4DE2-82AE-910F857CE42E@microsoft.com...
> Hi
>
> Does anyone know or have a script that will send me an email when a user
> logs into a WinXP computer with LOCAL ADMIN credentials (not with domain
> credentials)?
> We're assuming that some of our company users know local admin password,
> so we want to know if someone tries or logs into his computer like local
> admin? Is this possible, or how can this be done?
> Thank you in advance !
> Regards,
> Miha

AFAIK the environmental variable %UserDomain% will tell
whether a user gets validated locally or on the domain. As Florian
says, use blat.exe to send yourself a note when this happens.

"Miha" <miha.bernik.DeleteThis@email.si> wrote in message
news:9A73E8CF-5187-4DE2-82AE-910F857CE42E@microsoft.com...
> Hi
>
> Does anyone know or have a script that will send me an email when a user
> logs into a WinXP computer with LOCAL ADMIN credentials (not with domain
> credentials)?
> We're assuming that some of our company users know local admin password,
> so we want to know if someone tries or logs into his computer like local
> admin? Is this possible, or how can this be done?
> Thank you in advance !
> Regards,
> Miha

Further to my previous note: The question I failed to answer is
WHAT can you use to trigger the script to send you a message.
You cannot use your domain logon script (since it won't get
executed under local log-ins) and you probably cannot use a
local login script (because it would be visible to the user). I'll
think about this one a little more. Perhaps WMI has a solution.

One way is to copy a script file to all workstations windows directory and
put a shourtcut to the script (using wscript.exe)
on each computer's 'C:\Documents and Settings\All Users\Start Menu\Programs\Startup'
directory.

The script should echo nothing (dialogs, msgbox's etc) and should have it's
first line set to:

On Error Resume Next

To supress any unexpected errors, that way it will run invisibly.


---
Shay Levi
$cript Fanatic
http://scriptolog.blogspot.com

> "Miha" <miha.bernik.TakeThisOut@email.si> wrote in message
> news:9A73E8CF-5187-4DE2-82AE-910F857CE42E@microsoft.com...
>
>> Hi
>>
>> Does anyone know or have a script that will send me an email when a
>> user
>> logs into a WinXP computer with LOCAL ADMIN credentials (not with
>> domain
>> credentials)?
>> We're assuming that some of our company users know local admin
>> password,
>> so we want to know if someone tries or logs into his computer like
>> local
>> admin? Is this possible, or how can this be done?
>> Thank you in advance !
>> Regards,
>> Miha
> Further to my previous note: The question I failed to answer is
> WHAT can you use to trigger the script to send you a message.
> You cannot use your domain logon script (since it won't get
> executed under local log-ins) and you probably cannot use a
> local login script (because it would be visible to the user). I'll
> think about this one a little more. Perhaps WMI has a solution.

If the suspected culprits have the smarts they might anticipate almost
anything you could do. They could prevent the sending of the email by
disconnecting the workstation from the network before logging on. One
response to that possibility would be to also log all logons locally, giving
time and date, and then periodically collecting those records for analysis.

/Al

"Shay Levi" <no.DeleteThis@addre.ss> wrote in message
news:89228ed22c7178ca8960b16fcbed@news.microsoft.com...
>
>> (using wscript.exe)
>
> The shortcut file target property should be set to 'wscript script.vbs'
> (cscript will spawn a command window and make the operation
> visible).
>
>
> ---
> Shay Levi
> $cript Fanatic
> http://scriptolog.blogspot.com
>
>> One way is to copy a script file to all workstations windows directory
>> and
>> put a shourtcut to the script (using wscript.exe)
>> on each computer's 'C:\Documents and Settings\All Users\Start
>> Menu\Programs\Startup'
>> directory.
>> The script should echo nothing (dialogs, msgbox's etc) and should have
>> it's first line set to:
>>
>> On Error Resume Next
>>
>> To supress any unexpected errors, that way it will run invisibly.
>>
>> ---
>> Shay Levi
>> $cript Fanatic
>> http://scriptolog.blogspot.com
>>> "Miha" <miha.bernik.DeleteThis@email.si> wrote in message
>>> news:9A73E8CF-5187-4DE2-82AE-910F857CE42E@microsoft.com...
>>>> Hi
>>>>
>>>> Does anyone know or have a script that will send me an email when a
>>>> user
>>>> logs into a WinXP computer with LOCAL ADMIN credentials (not with
>>>> domain
>>>> credentials)?
>>>> We're assuming that some of our company users know local admin
>>>> password,
>>>> so we want to know if someone tries or logs into his computer like
>>>> local
>>>> admin? Is this possible, or how can this be done?
>>>> Thank you in advance !
>>>> Regards,
>>>> Miha
>>> Further to my previous note: The question I failed to answer is
>>> WHAT can you use to trigger the script to send you a message.
>>> You cannot use your domain logon script (since it won't get
>>> executed under local log-ins) and you probably cannot use a
>>> local login script (because it would be visible to the user). I'll
>>> think about this one a little more. Perhaps WMI has a solution.
>
>