everything is locked down in this enviorment. there's 802.1x security on the switchport,etc so its a major pain to introduce any new machine. i have an xp laptop that i can't plug in without going thru 5 diff people so in the end i just thought this might be done thru win2k somehow via vbscript or some third party tool.
if no one can figure out a solution to this query, how 'bout my second one- enumerate every local account/group(non-default) on every local machine sam in the domain? Thanks for all your help guys! On 8/10/05, Phil Renouf <[EMAIL PROTECTED]> wrote: > Upgrade your workstation to XP and run it from there? Install a VPC > that is running XP and run it from there? > > Phil > > On 8/10/05, Tom Kern <[EMAIL PROTECTED]> wrote: > > yeah, unfortunately, i'm saying there is not one xp box to be seen... > > > > can this be done from a win2k box somehow? > > thanks > > > > On 8/10/05, Grillenmeier, Guido <[EMAIL PROTECTED]> wrote: > > > > the enviorment i work in is all win2k pro/server so GPMC is out. > > > > > > Are you saying you don't even have a single WinXP box in this > > > environment? > > > > > > If you have one, you could still install GPMC on the XP client - this > > > will work fine against a win2k AD. Then execute the > > > "GetReportsForAllGPOs.wsf" script that comes with GPMC (typically in the > > > "C:\Program Files\GPMC\Scripts" folder). > > > > > > This will dump all settings of all GPOs in a domain including the links > > > where the GPOs are applied. > > > > > > /Guido > > > > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern > > > Sent: Mittwoch, 10. August 2005 19:26 > > > To: ActiveDir@mail.activedir.org > > > Subject: Re: [ActiveDir] 2 quick favors > > > > > > Ok, I think i'm finding it impossible to create a VBScript or use a > > > tool to enumerate all the settings which are enabled in all or a > > > specific gpo in a win2k domain from a win2k workstation. > > > > > > am i correct? > > > > > > On 8/10/05, Tom Kern <[EMAIL PROTECTED]> wrote: > > > > I get errors with this script- "the active directory property cannot > > > > be found in the cache" > > > > > > > > I'm running win2k native mode domain. > > > > > > > > thanks. sorry to bother. > > > > > > > > On 8/10/05, Alain Lissoir <[EMAIL PROTECTED]> wrote: > > > > > For 1/, try this one below. For 2/ I don't have one close but I'm > > > sure some > > > > > folks here can feed you ... > > > > > > > > > > The script doesn't dump in a text file, but that's an easy addition. > > > HTH > > > > > > > > > > ' FindGPOLinks v1.04.vbs - Version 1.04 - Alain Lissoir > > > > > ' > > > > > ' WSH Script browsing the 'DefaultNamingContext' and the > > > > > 'configurationNamingContext' > > > > > ' to retrieve the Group Policies linked to AD objects. > > > > > ' This should facilitate the search of created policies in the > > > Active > > > > > Directory. > > > > > ' > > > > > ' The script is using a basic LDAP access in the current user > > > context, > > > > > ' so, you should have enough rights to access AD objects. > > > > > ' > > > > > ' Change in version 1.04 > > > > > ' > > > > > ' - Add an error Handler in the "ShowMemberInfo" Private Sub > > > > > ' > > > > > ' Change in version 1.02 > > > > > ' > > > > > ' - Query the schema to get the property list associated to the > > > > > 'groupPolicyContainer' class. > > > > > ' - Display only the defined properties for that class. > > > > > ' - For the defined properties, the scripts shows the syntax to be > > > used by > > > > > the property. > > > > > ' - Take in account the fact that more than one policy can be > > > defined at the > > > > > container level. > > > > > ' > > > > > ' Change in version 1.01 > > > > > ' > > > > > ' - Add some code to bind to the GPLink LDAP Pointer to extract some > > > > > properties. > > > > > ' > > > > > ' Any comments or questions: EMail:[EMAIL PROTECTED] > > > > > > > > > > Option Explicit > > > > > > > > > > Dim ObjRoot > > > > > Dim Object > > > > > Dim ObjMember > > > > > > > > > > ' > > > > > > > > ------------------------------------------------------------------------ > > > ---- > > > > > ------- > > > > > WScript.Echo > > > > > WScript.Echo "Looking inside 'configurationNamingContext'" > > > > > Set objRoot = GetObject("LDAP://RootDSE") > > > > > Object = objRoot.Get("configurationNamingContext") > > > > > > > > > > Call LookInsideObject (Object) > > > > > > > > > > Set Object = Nothing > > > > > Set objRoot = Nothing > > > > > > > > > > ' > > > > > > > > ------------------------------------------------------------------------ > > > ---- > > > > > ------- > > > > > WScript.Echo > > > > > WScript.Echo "Looking inside 'DefaultNamingContext'" > > > > > Set objRoot = GetObject("LDAP://RootDSE") > > > > > Object = objRoot.Get("DefaultNamingContext") > > > > > > > > > > Call LookInsideObject (Object) > > > > > > > > > > Set Object = Nothing > > > > > Set objRoot = Nothing > > > > > > > > > > WScript.Quit (0) > > > > > > > > > > ' > > > > > > > > ------------------------------------------------------------------------ > > > ---- > > > > > ------- > > > > > Private Sub LookInsideObject (Object) > > > > > > > > > > Dim objMember > > > > > Dim Member > > > > > > > > > > Set objMember = GetObject ("LDAP://" & Object) > > > > > > > > > > if objMember.Class <> "sitesContainer" And _ > > > > > objMember.Class <> "container" And _ > > > > > objMember.Class <> "configuration" _ > > > > > Then Call ShowMemberInfo (objMember) > > > > > > > > > > For Each Member in objMember > > > > > If Member.Class = "domainDNS" Or _ > > > > > Member.Class = "organizationalUnit" Or _ > > > > > Member.Class = "sitesContainer" Or _ > > > > > Member.Class = "site" Or _ > > > > > Member.Class = "container" _ > > > > > Then Call LookInsideObject (Member.Name & "," & Object) > > > > > Next > > > > > > > > > > Set objMember = Nothing > > > > > > > > > > End Sub > > > > > > > > > > ' > > > > > > > > ------------------------------------------------------------------------ > > > ---- > > > > > ------- > > > > > Private Sub ShowMemberInfo (Object) > > > > > > > > > > Dim longStartPolicyPath > > > > > Dim longEndPolicyPath > > > > > Dim strPolicyPathSource > > > > > Dim strPolicyPath > > > > > > > > > > Dim objPolicy > > > > > Dim objPolicyClassDef > > > > > Dim objPolicyProperty > > > > > > > > > > Dim strPropertyName > > > > > > > > > > Object.GetInfo > > > > > > > > > > If Object.GPLink = "" Then > > > > > WScript.Echo Object.Name & " (" & Object.Class & ")" > > > > > WScript.Echo "(No Group Policy Defined)" > > > > > WScript.Echo > > > > > End If > > > > > > > > > > strPolicyPathSource = Object.GPLink > > > > > > > > > > While (strPolicyPathSource <> "") > > > > > > > > > > WScript.Echo Object.Name & " (" & Object.Class & ")" > > > > > > > > > > ' Extract each LDAP pointer from the GPLink. > > > > > longStartPolicyPath = InStr(1, strPolicyPathSource, "[", > > > > > vbTextCompare) > > > > > longEndPolicyPath = InStr(1, strPolicyPathSource, "]", > > > vbTextCompare) > > > > > strPolicyPath = Mid(strPolicyPathSource, longStartPolicyPath + > > > 1, > > > > > longEndPolicyPath - 4) > > > > > strPolicyPathSource = Mid(strPolicyPathSource, > > > longEndPolicyPath + 1) > > > > > > > > > > Set objPolicy = GetObject(strPolicyPath) > > > > > > > > > > objPolicy.GetInfo > > > > > > > > > > WScript.Echo "Found an existing Policy: '" & > > > > > objPolicy.Get("displayName") & "' (" & objPolicy.Class & ")" > > > > > WScript.Echo " GPLink=" & strPolicyPath > > > > > > > > > > Set objPolicyClassDef = GetObject (objPolicy.Schema) > > > > > > > > > > On error Goto ErrorHandler > > > > > > > > > > For Each strPropertyName In > > > objPolicyClassDef.MandatoryProperties > > > > > Set objPolicyProperty = GetObject > > > (objPolicyClassDef.Parent > > > > > + "/" + strPropertyName) > > > > > WScript.Echo " " & strPropertyName & "=" & > > > > > objPolicy.Get(strPropertyName) & " (" & objPolicyProperty.Syntax & > > > ")" > > > > > Set objPolicyProperty = Nothing > > > > > Next > > > > > > > > > > For Each strPropertyName In > > > objPolicyClassDef.OptionalProperties > > > > > Set objPolicyProperty = GetObject > > > (objPolicyClassDef.Parent > > > > > + "/" + strPropertyName) > > > > > WScript.Echo " " & strPropertyName & "=" & > > > > > objPolicy.Get(strPropertyName) & " (" & objPolicyProperty.Syntax & > > > ")" > > > > > Set objPolicyProperty = Nothing > > > > > Next > > > > > > > > > > Set objPolicyClassDef = Nothing > > > > > > > > > > Set objPolicy = Nothing > > > > > > > > > > WScript.Echo > > > > > > > > > > Wend > > > > > > > > > > Exit Sub > > > > > > > > > > ErrorHandler: > > > > > > > > > > WScript.Echo Err.Description & "(" & Err.Number & ")" > > > > > Resume Next > > > > > > > > > > End Sub > > > > > > > > > > -----Original Message----- > > > > > From: [EMAIL PROTECTED] > > > > > [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern > > > > > Sent: Wednesday, August 10, 2005 6:19 AM > > > > > To: activedirectory > > > > > Subject: [ActiveDir] 2 quick favors > > > > > > > > > > Does anyone know of a tool to enumerate all GPO's in a domain > > > listing all > > > > > the specific settings enabled that i can spit out to text file. > > > > > the enviorment i work in is all win2k pro/server so GPMC is out. > > > > > Also, gpotool doesn't seem to show specific links and what settings > > > are > > > > > enabled. > > > > > > > > > > Second question is, does anyone have a script that can enumerate all > > > the > > > > > local accounts and groups on domain memeber servers and > > > workstations? > > > > > > > > > > Thanks a lot. > > > > > I apologize for being so needy. > > > > > List info : http://www.activedir.org/List.aspx > > > > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > > > > List archive: > > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > > > > > List info : http://www.activedir.org/List.aspx > > > > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > > > > List archive: > > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > > > > > > > List info : http://www.activedir.org/List.aspx > > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > > List archive: > > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/List.aspx > > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/