Skip to content

Instantly share code, notes, and snippets.

@leechristensen

leechristensen/FindingComputersWithLocalAdmin.md

Created August 30, 2019 22:51
Show Gist options
  • Star 7 You must be signed in to star a gist
  • Fork 4 You must be signed in to fork a gist
  • Save leechristensen/0b6c53ac1bc925e7152ad68e07aec524 to your computer and use it in GitHub Desktop.
Save leechristensen/0b6c53ac1bc925e7152ad68e07aec524 to your computer and use it in GitHub Desktop.
Download ZIP
Useful cypher queries to find computers that are local admin on other computers, or to find groups containing bother users/computers.
Raw
FindingComputersWithLocalAdmin.md

Computer accounts added to local admins on machines via a group in the local admins

MATCH p1 = (c1:Computer)-[r:MemberOf*1..]->(g1:Group)
WITH c1,g1
MATCH p2 = (g1:Group)-[r:AdminTo]->(c2:Computer)
RETURN c1.name As Principal,c2.name AS Target,g1.name AS ViaGroup

Computer accounts added to local admins on machines explicitly

MATCH (c1:Computer)-[r:AdminTo]->(c2:Computer)
RETURN c1.name,c2.name

Blended user/computer groups may lead to computers accidently added as administrators.

Groups with users and computers (Explicitly added)

MATCH (c:Computer)-[r:MemberOf]->(groupsWithComps:Group)
WITH groupsWithComps
MATCH (u:User)-[r:MemberOf]->(groupsWithComps)
RETURN DISTINCT(groupsWithComps) as groupsWithCompsAndUsers

Groups with users and computers (Group membership included)

MATCH (c:Computer)-[r:MemberOf*1..]->(groupsWithComps:Group)
WITH groupsWithComps
MATCH (u:User)-[r:MemberOf*1..]->(groupsWithComps)
RETURN DISTINCT(groupsWithComps.name) as groupsWithCompsAndUsers
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment