Introduction
In Windows Domains, the groups can be nested. I wondered if I could list members of local Administrators group recursively to get full list of local administrators. I've found some non recursive code in VB and PowerShell, but in C++ things appear slightly differently due to C++/COM idioms and recursive traversing was the main target.
Using the code
Download the zip, open in Visual Studio 2012, or in previous studio create new Console Application with ATL support and CutAndPaste the content of ListAdmins.cpp into main module file. I think the code is pretty easy to understand. The compiled tool will list local admins into stdout. The project is using WinXP toolset, so Update to VS2012 must be installed.
The first example lists local administrators where "Everyone" is member of "Administrators":
0 User Administrator WinNT://WORKGROUP/JAN-PC/Administrator
0 Group Everyone WinNT://Everyone
Cannot get WinNT://Everyone.
- Not enough priviledges? Not logged to domain? Well known object? -2147467262
0 User UserTest0 WinNT://WORKGROUP/JAN-PC/UserTest0
0 User jmach WinNT://WORKGROUP/JAN-PC/jmach
Where we can see, that members of well known group Everyone cannot be enumerated. It's also a tip for future improvement to handle this situation by comparing SID of object with SIDs of well known objects.
And here is example of really recursive traversing of members of "Administrators" of computer joined to domain "QA":
0 User Administrator WinNT://QA/JAM-VIRT-XP/Administrator
0 User jam WinNT://QA/JAM-VIRT-XP/jam
0 Group Domain Admins WinNT://QA/Domain Admins
1 User Administrator WinNT://QA/Administrator
1 User admin_privileges WinNT://QA/admin_privileges
History
Nothing so far.
