penpen wrote:Code: Select all
2>nul wmic path win32_groupuser where (GroupComponent="win32_Group.Name=\"%adminGroupName%\",Domain=\"%userDomain%\"" ^
AND PartComponent="Win32_UserAccount.Name=\"%userName%\",Domain=\"%userDomain%\"")
aGerman wrote:penpen
I tested your approach and it took ages. But you're right that it looks pretty much the same
Let me try again tomorrow ...
Steffen
I just tested penpen's code (didn't test earlier, sorry penpen), and rather than taking ages, I immediately got "No Instance(s) Available." More on that in a second.
douglas.swehla wrote:The key difference is in this line, where %%b is the admin group name:
Code: Select all
WMIC path Win32_GroupUser Where (GroupComponent^="Win32_Group.Name=\"%%b\",domain=\"%computername%\""^) get PartComponent
. . . I don't understand it at all.
I've been experimenting to understand all this, and there are a few interesting things going on here. The first is that penpen's code searches for
Domain=\"%userDomain%\", while compo's searches for
domain=\"%computername%\". On my machine, "%userDomain%" expands to "US", rather than the local machine name. That explains why I get no results: there are no local admins that are part of the nation-wide domain. I thought it might account for the long search search time that aGerman is getting (searching the whole network rather than local machine), but if that were the case, then I would expect my search to take ages, and
then say "No Instances", so I don't quite know what to make of that.
The next is the difference between the format of the query and the result. Both of these commands return the same result:
Code: Select all
WMIC path Win32_GroupUser Where (GroupComponent^="Win32_Group.Name=\"Administrators\",domain=\"%computername%\""^) get
WMIC path Win32_GroupUser Where (GroupComponent^="Win32_Group.domain=\"%computername%\",Name=\"Administrators\""^) get
GroupComponent PartComponent
Win32_Group.domain="MyComputerName",Name="Administrators" \\MyComputerName\root\cimv2:Win32_UserAccount.Domain="MyComputerName",Name="SomeITGuy"
Win32_Group.domain="MyComputerName",Name="Administrators" \\MyComputerName\root\cimv2:Win32_Group.Domain="US",Name="Domain Admins"
Win32_Group.domain="MyComputerName",Name="Administrators" \\MyComputerName\root\cimv2:Win32_Group.Domain="US",Name="XYZ_WKSTN_ADMINS"
Win32_Group.domain="MyComputerName",Name="Administrators" \\MyComputerName\root\cimv2:Win32_Group.Domain="US",Name="ALL_WKSTN_ADMINS"
Note that in the results, the domain portion of the group always comes before the name portion, even though the order is reversed in the first command. So, even though the query looks like it's matching a string, it's not, exactly. I think there must be some kind of implied AND syntax that's used to identify and match on object IDs. Again, not a WMI master, so if anybody knows otherwise, please chime in.
The last and biggest thing is the issue that I pointed out when proposing GPRESULT. My organization does some kind of weird security thing where my login name (%username%) is used as the first part of two different local account names, neither of which is assigned to any local groups. Both the NET command and WMI's Win32_UserAccount use these account names, and neither uses my login name, so both of these tools fail to recognize me as an administrator.
Since WMI doesn't recognize me as an admin, even when it's working at a sane speed, I have to retract my earlier endorsement of Compo's method, at least for now.
For what it's worth, my admin rights are handled by a third-party program. To get to an admin prompt, I search the Start menu for CMD, right-click on the result, and instead of "Run as admin", click "Run with Third-Party Program Name". That opens an instance of CMD.EXE with the title "Administrator: c:\windows\system32\cmd.exe" and current directory set to "C:\windows\system32", just like I'd get normally. This is a fairly recent change, and I'm pretty sure the weird account name stuff was in place before that, so I don't think they're directly related. If anyone has ideas on how to take that into account and still get a working solution from WMIC, I'd love to hear it.