Page 1 of 2
Check for value
Posted: 04 May 2012 03:44
by jvuz
Hello,
I have this script
Code: Select all
@echo off &setlocal enabledelayedexpansion
set "separator=,"
set "foundhyphens="
set /a n=0
for /f "delims=" %%a in ('net localgroup administrators') do (
if defined foundhyphens set /a n+=1
set "member!n!=%%a"
echo("%%a"|findstr /x "\"\-\-*\"" >nul &&set "foundhyphens=1"
)
set /a n-=1
for /l %%i in (1,1,%n%) do (
set "data=!data!%separator%!member%%i!
)
if defined data (
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies" /v "admins" /t REG_SZ /d "%data:~1%" /f
)
that checks who has admin rights on the pc and writes it to the regsitry. Now I was wondering if it's also possible to add a check for some values. I'll explain. If nobody but the domain admins have admin rights it should be something like: administrator, adminpdc, OURDOMAIN\domain admins. So if it's like this it should write the value noadmin to another key. If there is another user present in the list, it should write admin to the other key.
Is something like this possible?
Re: Check for value
Posted: 04 May 2012 05:54
by Squashman
Kind of wondering why you don't have your first FOR Loop using the SKIP option?
Re: Check for value
Posted: 04 May 2012 05:56
by jvuz
Please explain.
Re: Check for value
Posted: 04 May 2012 06:02
by Squashman
Open up a CMD shell and run your original for loop and just echo the results to the screen.
for /f "delims=" %a in ('net localgroup administrators') do echo %a
Now do this
for /f "skip=6 delims=" %a in ('net localgroup administrators') do echo %a
You see the difference.
Re: Check for value
Posted: 04 May 2012 06:05
by jvuz
OK, I see, and what about my question at the top. Is this possible you think?
Re: Check for value
Posted: 04 May 2012 06:23
by Squashman
jvuz wrote:OK, I see, and what about my question at the top. Is this possible you think?
Sure, anything is possible. You could use string substitution to remove the known Users who are part of the administrators group. Then if the variable with all the users is still defined, then you know there is more users in the administrators group.
But first off you really need to cleanup your code to create your DATA variable. That is extreme overkill. Why are you doing it that way? Could you explain?
Re: Check for value
Posted: 04 May 2012 06:26
by jvuz
I created it with help from people of this forum a couple of years ago, so it's probably best to cleanup.
Re: Check for value
Posted: 04 May 2012 06:40
by Squashman
jvuz wrote:I created it with help from people of this forum a couple of years ago, so it's probably best to cleanup.
Well I am not going to question aGerman's talents. His expertise are much better than mine. But you could have just resurrected your original thread instead of starting a new one.
For everyone's reference here is the original.
viewtopic.php?f=3&t=1670&start=0
Re: Check for value
Posted: 04 May 2012 06:43
by jvuz
Sorry Squashman,
i thought it would be better to start a new one, because the other one was old. Sorry. If you think it's better to merge to the other one, no problem for me.
Jvuz
Re: Check for value
Posted: 04 May 2012 07:08
by Squashman
So you can take your DATA variable and assign it to another variable and manipulate it with string substitution.
set admins=%data%
Then to remove the known admins you could do this
set admins=%admins:,adminpdc=%
set admins=%admins:,administrator=%
etc.....
Once you have removed all the known admin users from the variable you can check to see if it is defined.
IF defined admins (
do your reg add here if there is admins
) else (
do you reg add here if there are no admins
)
Re: Check for value
Posted: 07 May 2012 01:03
by jvuz
Thanks Squashman,
I tried it with this:
Code: Select all
@echo off &setlocal enabledelayedexpansion
set "separator=,"
set "foundhyphens="
set /a n=0
for /f "delims=" %%a in ('net localgroup administrators') do (
if defined foundhyphens set /a n+=1
set "member!n!=%%a"
echo("%%a"|findstr /x "\"\-\-*\"" >nul &&set "foundhyphens=1"
)
set /a n-=1
for /l %%i in (1,1,%n%) do (
set "data=!data!%separator%!member%%i!
)
if defined data (
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies" /v "admins" /t REG_SZ /d "%data:~1%" /f
)
set admins=%data%
set admins=%admins:,adminpdc=%
set admins=%admins:,administrator=%
set admins=%admins:,rbins\domain admins=%
if defined admins (
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies" /v "NoAdmins" /t REG_SZ /d "No" /f
)else(
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies" /v "NoAdmins" /t REG_SZ /d "Yes" /f
)
but nothing changes. I suppose I'm doing something wrong.
Re: Check for value
Posted: 07 May 2012 06:32
by Squashman
You need spaces in between your parenthesis and the else statement.
Re: Check for value
Posted: 07 May 2012 06:35
by jvuz
Thanks!
Re: Check for value
Posted: 07 May 2012 15:29
by foxidrive
FWIW this line is missing a trailing double quote
"set "data=!data!%separator%!member%%i!
Re: Check for value
Posted: 07 May 2012 16:01
by Squashman
foxidrive wrote:FWIW this line is missing a trailing double quote
"set "data=!data!%separator%!member%%i!
I thought you had bad eyes....
