VBScript WMI: Get List of Administrators from Windows PC

I’m breaking down a large VBScript I wrote as part of a larger computer inventory system prototype I built for what later became a much larger company.

This project was a big time investment for me that provided a lot of value to the company until they went out and purchased a commercial product and even then, the commercial product had things it did not do as well as my prototype.

The scanning volume eventually got so big that I had to run copies of the script on different parts of Active Directory at the same time to try and scale the scanning of computers on the network with all the data being stored in a SQL database backend.

This script and others I’ll be sharing in this series were contained within a loop of Active Directory computer records for a good size enterprise with about 10,000 desktops and laptops for some Active Directory OUs.

This script leverages Windows Management Instrumentation (WMI) to query what’s going on with this Windows network PC.

The first piece of code I’m sharing is for querying the Windows WMI to get a list of Administrators from a Windows PC. This code was used as part of a project to determine if any computers had unauthorized admin accounts we didn’t know about.

GetAdminstrators Function

To use this code, copy it in to a text file and save it with a .vbs file extension for VBScript. Once you have the .vbs file, double click on it and you should get a message box with the names of the admin accounts from the target device.

Function GetAdministrators(strComputerName)
On Error Resume Next

    Dim objWMIService, strQuery, colItems, Path, strMembers, strAdminList, iCounter
	iCounter = 0
    Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputerName & "\root\cimv2")
    strQuery = "select * from Win32_GroupUser where GroupComponent = " & chr(34) & "Win32_Group.Domain='" & strComputerName & "',Name='Administrators'" & Chr(34)
    Set ColItems = objWMIService.ExecQuery(strQuery,,48)
    strMembers = ""
    For Each Path In ColItems
		Dim strMemberName, NamesArray, strDomainName, DomainNameArray
        NamesArray = Split(Path.PartComponent,",")
		strMemberName = Replace(Replace(NamesArray(1),Chr(34),""),"Name=","")
		DomainNameArray = Split(NamesArray(0),"=")
        strDomainName = Replace(DomainNameArray(1),Chr(34),"")
        If strDomainName <> strComputerName Then
            strMemberName = strDomainName & "\" & strMemberName
			if iCounter = 0 then
				strAdminList =  strMemberName
			else
				strAdminList = strAdminList & " > " & strMemberName 
			end if
			iCounter = iCounter + 1
			
        End If
	Next
	
	GetAdministrators = strAdminList
End Function
' Pass a . to run this on your own PC or add a string value for another on your network
call msgbox(GetAdministrators("."))
call msgbox(GetAdministrators("NetworkComputer1"))

Stay tuned for more scripts in upcoming blog posts!

Hope this helps somebody!
~Cyber Abyss

VBScript Error – MSXML3.dll error ‘800C0005’

This is a popular re-post from my old Blogger blog.

I’m working on  a website up-time monitoring script.

After I had my initial prototype working, I received more requirements for logging output to CSV in addition to storing output in Access DB and decided to add CPU usage percentages to the logging.

Once I had all that done, I started getting odd errors when solution should be detecting a down-time event.

Testing the script with older version of Microsoft.XmlHttp had issues where certain but not all websites the script would call were incorrectly displaying HTTP status code 404 but a 200 OK was really sent back verified by using Fiddler.  Very odd behavior.

The error is related to VBScript’s use of the older version of the Microsoft.XmlHttp object.

The Code

Function isPortalOffline(strURL)
 'Set WshShell = WScript.CreateObject("WScript.Shell")
 Set http = CreateObject("Microsoft.XmlHttp")

 http.open "GET", strURL, False
 http.send 
 
 'Only check for error of the http Get request
 if err.Number <> 0 Then
  isPortalOffline = True
 Else
  'Wscript.Echo "error" & Err.Number & ": " & Err.Description
  isPortalOffline = False
 End If

 'Clear the error after setting isPortalOffline
 err.clear
 'set WshShell = Nothing
 Set http = Nothing 

 ReportError("isPortalOffline")
End Function

Error: MSXML3.dll error ‘800C0005’ The System cannot locate the resource

Changed MSXML Objects.

The Fixed Code

Replaced Microsoft.XmlHttp with MSXML2.ServerXMLHTTP.

Function isPortalOffline(strURL)
 'Set WshShell = WScript.CreateObject("WScript.Shell")
 Set http = CreateObject("MSXML2.ServerXMLHTTP")

 http.open "GET", strURL, False
 http.send
 
 'Only check for error of the http Get request
 if err.Number <> 0 Then
  isPortalOffline = True
 Else
  'Wscript.Echo "error" & Err.Number & ": " & Err.Description
  isPortalOffline = False
 End If

 'Clear the error after setting isPortalOffline
 err.clear
 'set WshShell = Nothing
 Set http = Nothing 

 ReportError("isPortalOffline")
End Function

This resolved my issues!

I hope this helps someone. 🙂