Local Admin/User Audit - Windows
5 Votes |
Versioning - This is the latest version.
1 | Local Admin/User Audit - Windows | 11/29/2012 10:30:12 AM |
2 | Local Admin/User Audit - Windows | 7/10/2013 10:54:45 AM |
Description
This analysis will audit the number of local admins on the system.
From here: http://bigfix.me/cdb/analysis/49
Property Details
2994547 | |
Beta - Preliminary testing ready for more | |
Local Admin/User Audit - Windows | |
BESC | |
jgstew on 7/10/2013 10:54:45 AM | |
jgstew on 7/10/2013 10:54:45 AM | |
30472 Views / 503 Downloads | |
![]() ![]() ![]() ![]() ![]() |
Properties
Number of Local Admins
Period
2 days
* Results in a true/false |

(number of members whose (it as string contains computer name) of local group "Administrators" as string)
Local Admins
Period
2 days
* Results in a true/false |

(concatenation ", " of (members whose (it as string contains computer name) of local group "Administrators" as string))
Local Users
Period
1 day
* Results in a true/false |

(concatenation ", " of (members whose (it as string contains computer name) of local group "Users" as string))
Relevance
Sharing
Social Media: |
Comments
![]() |
|
(if it as lowercase starts with computer name as lowercase & "\" then ".\" & following text of first "\" of it else it) of (it as string) of sids of members of local groups whose (component string of sid of it = "S-1-5-32-544") |
![]() |
|
A bit late, but I stumbled across this while answering another question. I've posted a method at https://forum.bigfix.com/t/local-admin-users-query/45134/2 to avoid hardcoding the 'Administrators' group name as well as including Domain members, and normalizing all "COMPUTERNAME\member" values into ".\member" for easier filtering across computer names. My final relevance is ` q: (if it as lowercase starts with computer name as lowercase & "\" then ".\" & following text of first "\" of it else it) of (it as string) of sids of members of local groups whose (component string of sid of it = "S-1-5-32-544") ` A: .\Administrator A: .\Jason A: .\admin3 A: D\Domain Admins |
![]() |
|
I'm guessing this does not show domain users who are added to the local admin? Initial run of this is only showing local users that are added.... |
![]() |
|
There might be a way to generalize this relevance to not hardcode the OS language name for the group. I should look into that someday. |
![]() |
|
love this - satisfied an immediate need in no time at all - thank you - looking forward to adding some other fields of interest. |
![]() |
|
rmoe - just substitute "administrator" with the local language equivalent. For instance in French I would have to replace it with "administrateur" |
![]() |
|
I'm not certain how the relevance would work for other OS languages. I'm not sure if it handles that automatically, or if you would have to adjust the code for every different language. |
![]() |
|
I wondering how is the relevance for other OS languages? As for the Polish or German OS for example, the local group is not called "Administrators". |