Creating a Local Group Members report, steps to follow
Using Configuration Items and Baseline deployments for reporting
Example: create a Configuration item to capture local group Members, items you will need is a script to get-local member using PowerShell, import a mof file to collection information when a hardware inventory has run, then use a SQL query to generate the report.
Contents of the MOF file
#pragma deleteclass (“LocalGroupMembers”,NOFAIL)
[ SMS_Report (TRUE),
SMS_Group_Name (“LocalGroupMembers”),
SMS_Class_ID (“LocalGroupMembers”) ]
class cm_LocalGroupMembers : SMS_Class_Template
{
[SMS_Report (TRUE), key ] string Account;
[SMS_Report (TRUE) ] string Category;
[SMS_Report (TRUE), key ] string Domain;
[SMS_Report (TRUE), key ] string Name;
[SMS_Report (TRUE) ] string Type;
};
Content of the PowerShell script
On Error Resume Next
Dim wbemCimtypeString
wbemCimtypeString = 8
Set oLocation = CreateObject(“WbemScripting.SWbemLocator”)
Set oServices = oLocation.ConnectServer(,”root\cimv2″)
set oNewObject = oServices.Get(“WIN32_localadmins”)
oNewObject.Delete_
‘ Create data class structure
Set oDataObject = oServices.Get
oDataObject.Path_.Class = “WIN32_localadmins”
oDataObject.Properties_.add “Account” , wbemCimtypeString
oDataObject.Properties_(“Account”).Qualifiers_.add “key” , True
oDataObject.Properties_.add “Domain” , wbemCimtypeString
oDataObject.Properties_.add “Type” , wbemCimtypeString
oDataObject.Properties_.add “Name” , wbemCimtypeString
oDataObject.Properties_(“Name”).Qualifiers_.add “key” , True
oDataObject.Put_
Dim objGroup, strComputer ,strUserPath ,arrUserBits ,wshNetwork ,Domain,Name , Type1
Set wshNetwork = WScript.CreateObject( “WScript.Network” )
strComputer = wshNetwork.ComputerName
Set objGroup = GetObject(“WinNT://” & strComputer & “/Administrators,group”)
Dim objMember
For Each objMember In objGroup.Members
strUserPath = Mid(objMember.aDSPath, 9)
arrUserBits = Split(strUserPath, “/”)
If UBound(arrUserBits) = 2 Then
strUserPath = arrUserBits(1) & “/” & arrUserBits(2)
Else
strUserPath = arrUserBits(0) & “/” & arrUserBits(1)
End If
arrUserBits = Split(strUserPath, “/”)
Domain = arrUserBits(0)
Name= arrUserBits(1)
If Domain = strComputer Then
Type1 = “Local”
Else
Type1 = “Domain”
End If
Set oNewObject = oServices.Get(“WIN32_localadmins” ).SpawnInstance_
oNewObject.Type = Type1
oNewObject.Domain = Domain
oNewObject.Account = objMember.Class
oNewObject.Name = Name
oNewObject.Put_
Next
Create the configuration item – where the script is entered
Create baseline – this will deployment the configuration item
Run Hardware inventory
Run SQL query to pull local group members.
SQL Query to pull local Administrators group members
select sys1.netbios_name0
,lgm.name0 [Name of the local Group]
,lgm.account0 as [Account Contained within the Group]
, lgm.category0 [Account Type]
, lgm.domain0 [Domain for Account]
, lgm.type0 [Type of Account]
from
v_gs_localgroupmembers0 lgm
join v_r_system_valid sys1 on sys1.resourceid=lgm.resourceid
where lgm.name0 = ‘Administrators’
order by sys1.netbios_name0, lgm.name0, lgm.account0