I know how to fetch a list of local administrators on a remote machine via WMI:
wmic /Node:"ComputerName" path win32_groupuser where (groupcomponent="win32_group.name=\"administrators\",domain=\"Computername\"")
This will return users and groups:
GroupComponent PartComponent
win32_group.domain="Computername",name="administrators" \\Computername\root\cimv2:Win32_UserAccount.Domain="Computername",Name="Administrator"
win32_group.domain="Computername",name="administrators" \\Computername\root\cimv2:Win32_Group.Domain="MYDOMAIN",Name="Domain Admins"
win32_group.domain="Computername",name="administrators" \\Computername\root\cimv2:Win32_Group.Domain="MYDOMAIN",Name="SomeOtherGroup"
win32_group.domain="Computername",name="administrators" \\Computername\root\cimv2:Win32_UserAccount.Domain="MYDOMAIN",Name="MyUser"
However, if a user is a member of SomeOtherGroup above, I need to know that he is a member - and therefore a local admin. So, I need to expand (likely recursively) all group members.
Is there a WMI query that can self-join on win32_group, expanding all usernames of all groups that are local admins?
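WQL has no JOIN, so nested groups have to be expanded client-side over collected win32_groupuser rows. The Python below is an added example, not part of the original question: it parses output in the format shown above and walks nested groups with a cycle guard. The rows for the MYDOMAIN groups and the names alice, bob and NestedGroup are constructed for illustration.

```python
import re

# One row of `wmic ... path win32_groupuser` output: GroupComponent, then PartComponent.
ROW_RE = re.compile(
    r'win32_group\.domain="([^"]*)",name="([^"]*)"\s+'
    r'\S*?:(Win32_\w+)\.Domain="([^"]*)",Name="([^"]*)"', re.IGNORECASE)

# Constructed sample: the four rows from the question plus hypothetical nested-group rows.
SAMPLE = r'''GroupComponent PartComponent
win32_group.domain="Computername",name="administrators" \\Computername\root\cimv2:Win32_UserAccount.Domain="Computername",Name="Administrator"
win32_group.domain="Computername",name="administrators" \\Computername\root\cimv2:Win32_Group.Domain="MYDOMAIN",Name="Domain Admins"
win32_group.domain="Computername",name="administrators" \\Computername\root\cimv2:Win32_Group.Domain="MYDOMAIN",Name="SomeOtherGroup"
win32_group.domain="Computername",name="administrators" \\Computername\root\cimv2:Win32_UserAccount.Domain="MYDOMAIN",Name="MyUser"
win32_group.domain="MYDOMAIN",name="SomeOtherGroup" \\Computername\root\cimv2:Win32_UserAccount.Domain="MYDOMAIN",Name="alice"
win32_group.domain="MYDOMAIN",name="SomeOtherGroup" \\Computername\root\cimv2:Win32_Group.Domain="MYDOMAIN",Name="NestedGroup"
win32_group.domain="MYDOMAIN",name="NestedGroup" \\Computername\root\cimv2:Win32_UserAccount.Domain="MYDOMAIN",Name="bob"
win32_group.domain="MYDOMAIN",name="NestedGroup" \\Computername\root\cimv2:Win32_Group.Domain="MYDOMAIN",Name="SomeOtherGroup"
'''

def parse_rows(text):
    """Return {(group_domain, group_name): [(kind, domain, name), ...]}, keys lowercased."""
    members = {}
    for line in text.splitlines():
        m = ROW_RE.search(line)
        if m:  # header and blank lines do not match
            gdom, gname, kind, pdom, pname = m.groups()
            members.setdefault((gdom.lower(), gname.lower()), []).append(
                (kind.lower(), pdom, pname))
    return members

def effective_admins(members, root):
    """Return (accounts reachable from root, nested groups that had no rows)."""
    users, unresolved, seen, stack = set(), set(), set(), [root]
    while stack:
        dom, name = stack.pop()
        key = (dom.lower(), name.lower())
        if key in seen:
            continue  # nested groups can contain each other
        seen.add(key)
        if key not in members:  # empty, or its rows were never collected
            unresolved.add(f"{dom}\\{name}")
        for kind, pdom, pname in members.get(key, []):
            if kind == "win32_group":
                stack.append((pdom, pname))
            else:
                users.add(f"{pdom}\\{pname}")
    return users, unresolved

if __name__ == "__main__":
    print(effective_admins(parse_rows(SAMPLE), ("Computername", "administrators")))
```

Groups reported as unresolved (here MYDOMAIN\Domain Admins) still need their membership collected before the result can be treated as the complete set of local admins.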