Check for value

[jvuz]

Hello,

I have this script

Code: Select all

@echo off &setlocal enabledelayedexpansion

set "separator=,"

set "foundhyphens="
set /a n=0
for /f "delims=" %%a in ('net localgroup administrators') do (
  if defined foundhyphens set /a n+=1
  set "member!n!=%%a"
  echo("%%a"|findstr /x "\"\-\-*\"" >nul &&set "foundhyphens=1"
)
set /a n-=1

for /l %%i in (1,1,%n%) do (
  set "data=!data!%separator%!member%%i!
)

if defined data (
  reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies" /v "admins" /t REG_SZ /d "%data:~1%" /f
)

that checks who has admin rights on the pc and writes it to the regsitry. Now I was wondering if it's also possible to add a check for some values. I'll explain. If nobody but the domain admins have admin rights it should be something like: administrator, adminpdc, OURDOMAIN\domain admins. So if it's like this it should write the value noadmin to another key. If there is another user present in the list, it should write admin to the other key.

Is something like this possible?

[Squashman]

Kind of wondering why you don't have your first FOR Loop using the SKIP option?

[jvuz]

Please explain.

[Squashman]

Open up a CMD shell and run your original for loop and just echo the results to the screen.
for /f "delims=" %a in ('net localgroup administrators') do echo %a

Now do this
for /f "skip=6 delims=" %a in ('net localgroup administrators') do echo %a

You see the difference.

[jvuz]

OK, I see, and what about my question at the top. Is this possible you think?

[Squashman]

OK, I see, and what about my question at the top. Is this possible you think?

Sure, anything is possible. You could use string substitution to remove the known Users who are part of the administrators group. Then if the variable with all the users is still defined, then you know there is more users in the administrators group.

But first off you really need to cleanup your code to create your DATA variable. That is extreme overkill. Why are you doing it that way? Could you explain?

[jvuz]

I created it with help from people of this forum a couple of years ago, so it's probably best to cleanup.

[Squashman]

I created it with help from people of this forum a couple of years ago, so it's probably best to cleanup.

Well I am not going to question aGerman's talents. His expertise are much better than mine. But you could have just resurrected your original thread instead of starting a new one.

For everyone's reference here is the original.
viewtopic.php?f=3&t=1670&start=0

[jvuz]

Sorry Squashman,

i thought it would be better to start a new one, because the other one was old. Sorry. If you think it's better to merge to the other one, no problem for me.

Jvuz

[Squashman]

So you can take your DATA variable and assign it to another variable and manipulate it with string substitution.

set admins=%data%
Then to remove the known admins you could do this

set admins=%admins:,adminpdc=%
set admins=%admins:,administrator=%
etc.....
Once you have removed all the known admin users from the variable you can check to see if it is defined.

IF defined admins (
do your reg add here if there is admins
) else (
do you reg add here if there are no admins
)

[jvuz]

Thanks Squashman,

I tried it with this:

Code: Select all

@echo off &setlocal enabledelayedexpansion

set "separator=,"

set "foundhyphens="
set /a n=0
for /f "delims=" %%a in ('net localgroup administrators') do (
  if defined foundhyphens set /a n+=1
  set "member!n!=%%a"
  echo("%%a"|findstr /x "\"\-\-*\"" >nul &&set "foundhyphens=1"
)
set /a n-=1

for /l %%i in (1,1,%n%) do (
  set "data=!data!%separator%!member%%i!
)

if defined data (
  reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies" /v "admins" /t REG_SZ /d "%data:~1%" /f
)
set admins=%data%
set admins=%admins:,adminpdc=%
set admins=%admins:,administrator=%
set admins=%admins:,rbins\domain admins=%

if defined admins (
   reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies" /v "NoAdmins" /t REG_SZ /d "No" /f
   )else(
   reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies" /v "NoAdmins" /t REG_SZ /d "Yes" /f
   )

but nothing changes. I suppose I'm doing something wrong.

[Squashman]

You need spaces in between your parenthesis and the else statement.

[jvuz]

Thanks!

[foxidrive]

FWIW this line is missing a trailing double quote "

set "data=!data!%separator%!member%%i!

[Squashman]

FWIW this line is missing a trailing double quote "

set "data=!data!%separator%!member%%i!

I thought you had bad eyes....