Local Admin/User Audit - Windows

5 Votes

Versioning - This is the latest version.

1. Local Admin/User Audit - Windows (11/29/2012 10:30:12 AM)
2. Local Admin/User Audit - Windows (7/10/2013 10:54:45 AM)

Description

This analysis will audit the number of local admins on the system.

From here: http://bigfix.me/cdb/analysis/49


Property Details

ID: 2994547
Status: Beta - Preliminary testing ready for more
Title: Local Admin/User Audit - Windows
Domain: BESC
Added by on 7/10/2013 10:54:45 AM
Last Modified by on 7/10/2013 10:54:45 AM
Counters: 30472 Views / 503 Downloads

Properties

Number of Local Admins
Period: 2 days
(number of members whose (it as string contains computer name) of local group "Administrators" as string)

Local Admins
Period: 2 days
(concatenation ", " of (members whose (it as string contains computer name) of local group "Administrators" as string))

Local Users
Period: 1 day
(concatenation ", " of (members whose (it as string contains computer name) of local group "Users" as string))

Relevance

Used in 2 analyses
(windows of operating system)

Used in 1 analysis
(exists local group "Administrators")


Comments

JasonWalker -
(if it as lowercase starts with computer name as lowercase & "\" then ".\" & following text of first "\" of it else it) of (it as string) of sids of members of local groups whose (component string of sid of it = "S-1-5-32-544")
JasonWalker -
A bit late, but I stumbled across this while answering another question. I've posted a method at https://forum.bigfix.com/t/local-admin-users-query/45134/2 to avoid hardcoding the 'Administrators' group name as well as including Domain members, and normalizing all "COMPUTERNAME\member" values into ".\member" for easier filtering across computer names. My final relevance is

q: (if it as lowercase starts with computer name as lowercase & "\" then ".\" & following text of first "\" of it else it) of (it as string) of sids of members of local groups whose (component string of sid of it = "S-1-5-32-544")
A: .\Administrator
A: .\Jason
A: .\admin3
A: D\Domain Admins
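
The difference between the analysis's substring filter and the normalized expression in the comment above, modeled in Python as an added example (not code from this page or from BigFix). The hostnames, accounts and allow-list baseline are constructed assumptions, and the baseline comparison goes beyond the comment to show what the ".\member" normalization enables across machines.

```python
# Added illustration; hostnames, accounts and the baseline are constructed.
INVENTORY = {
    "WS01": ["WS01\\Administrator", "WS01\\Jason", "D\\Domain Admins"],
    "WS02": ["WS02\\Administrator", "WS02\\admin3", "D\\Domain Admins",
             "D\\WS02-svc"],
}
# Assumption: principals approved to hold local admin on every endpoint.
BASELINE = {".\\Administrator", "D\\Domain Admins"}


def original_filter(members, computer_name):
    """Model of the analysis property: keep members whose string
    contains the computer name (a substring test)."""
    return [m for m in members if computer_name in m]


def normalize(member, computer_name):
    """Model of the commenter's expression: a case-insensitive
    COMPUTERNAME\\ prefix becomes .\\ ; anything else is unchanged."""
    prefix = computer_name.lower() + "\\"
    if member.lower().startswith(prefix):
        return ".\\" + member.split("\\", 1)[1]
    return member


def unexpected_admins(inventory, baseline):
    """Return {host: sorted normalized members not in the baseline}."""
    findings = {}
    for host, members in inventory.items():
        extra = sorted({normalize(m, host) for m in members} - baseline)
        if extra:
            findings[host] = extra
    return findings


if __name__ == "__main__":
    for host, members in INVENTORY.items():
        print(host, "substring filter keeps:", original_filter(members, host))
    for host, extra in unexpected_admins(INVENTORY, BASELINE).items():
        print(host, "unexpected local admins:", ", ".join(extra))
```

In the constructed data the substring filter drops "D\Domain Admins" on both hosts yet keeps "D\WS02-svc" on WS02, because a substring test cannot tell a local-account prefix from a domain account whose name happens to contain the hostname.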
AJFP -
I'm guessing this does not show domain users who are added to the local admin? Initial run of this is only showing local users that are added....
jgstew -
There might be a way to generalize this relevance to not hardcode the OS language name for the group. I should look into that someday.
lwright1010 -
love this - satisfied an immediate need in no time at all - thank you - looking forward to adding some other fields of interest.
themode -
rmoe - just substitute "administrator" with the local language equivalent. For instance in French I would have to replace it with "administrateur"
jgstew -
I'm not certain how the relevance would work for other OS languages. I'm not sure if it handles that automatically, or if you would have to adjust the code for every different language.
rmoe -
I'm wondering how the relevance is for other OS languages? For the Polish or German OS, for example, the local group is not called "Administrators".