[英]How to use Python to get local admins from a computer on the Network?
I need to get a list of all people in the company who have local admin rights on their computers. 我需要获取公司中所有在其计算机上具有本地管理员权限的人员的列表。 We have a group on each machine called "Administrators."
每台计算机上都有一个名为“管理员”的组。 I can get a list of all computers from active directory with:
我可以通过以下方式从活动目录中获取所有计算机的列表:
import active_directory
for computer in active_directory.search ("objectCategory='Computer'"):
print computer.displayName
Now I think I need to take each computer name and feed it back in. I was thinking maybe reading the remote registry on each computer and looking for the SID -- supposedly the SID 'S-1-5-domain-500' will give me a list of people on the computer that are local admins. 现在,我想我需要获取每台计算机的名称并将其重新输入。我在考虑也许要阅读每台计算机上的远程注册表并寻找SID-假设SID'S-1-5-domain-500'会给我列出了计算机上的本地管理员。 I did:
我做了:
import _winreg
COMPUTER_NAME = "FakeComputerName"
KEY_PATH = r"System\CurrentControlSet\Control\ComputerName\ComputerName"
HKLM_remote = _winreg.ConnectRegistry (r"\\%s" % COMPUTER_NAME, _winreg.HKEY_LOCAL_MACHINE)
hKeyRemote = _winreg.OpenKey (HKLM_remote, KEY_PATH, 0, _winreg.KEY_READ)
value, type = _winreg.QueryValueEx (hKeyRemote, "ComputerName")
print "Remote computer name is", value
Remote computer name is FakeComputerName
How do I combine these to get what I need? 如何结合这些来获得所需的东西? Will these work together?
这些会一起工作吗? Is this the best way to go about this?
这是解决此问题的最佳方法吗? Once I get this to work I can figure out writing it to a file and adding exceptions like if the computer isn't on the network it writes that and then moves onto the next PC.
一旦使之生效,我就可以将其写入文件并添加例外,例如,如果计算机不在网络中,则将其写入,然后移至下一台PC。 Perhaps use win32security?
也许使用win32security?
I don't know what registry key to use or even if it will work. 我不知道要使用什么注册表项,即使它可以工作。 I've spent about 5 hours on this today and I am still learning Python.
我今天已经花了大约5个小时,但我仍在学习Python。 I don't know VB and that is the majority of code I see on the net.
我不了解VB,这是我在网上看到的大部分代码。
Thanks! 谢谢!
Is this the data from this operation going to be manipulated afterwards? 这是来自此操作的数据吗? If this is a manual scan that is going to be looked at by a human, then you're way overthinking it.
如果这是要由人工检查的手动扫描,那么您就太想它了。
Just use a network scanner to handle it for you, such as this one . 只需使用网络扫描仪为您处理它,例如此 。
I'm not sure of the details but it sounds like you may want to take a look at the WMI package. 我不确定具体细节,但是听起来您可能想看看WMI软件包。
Back when I was playing with COM and the windows registry and ran across it. 回到我玩COM和Windows注册表的时候,就碰到了它。 It looks like it's been improved a bit since when I looked at it.
自从我查看它以来,它似乎已经有所改进。
Here's windows reference documentation. 这是Windows参考文档。 WMI Reference
WMI参考
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.