Local Admin/User Audit - Windows - superseded

Versioning - This is an older version.

Version 1: Local Admin/User Audit - Windows, 11/29/2012 10:30:12 AM
Version 2: Local Admin/User Audit - Windows, 7/10/2013 10:54:45 AM

Description

This analysis will audit the number of local admins on the system.

Property Details

ID: 49
Title: Local Admin/User Audit - Windows
Domain: BESC
Keywords: Admins Admin User Audit Users
Added by on 11/29/2012 10:30:12 AM
Last Modified by on 12/5/2012 9:14:48 AM
Counters: 8969 Views / 11 Downloads

Properties

Number of Local Admins
Period 2 days
 
  * Results in a "string"/number
number of members whose (it as string contains computer name) of local group "Administrators" as string
Local Admins
Period 2 days
 
  * Results in a "string"/number
concatenation ", " of (members whose (it as string contains computer name) of local group "Administrators" as string)
Local Users
Period 1 day
 
  * Results in a "string"/number
concatenation ", " of (members whose (it as string contains computer name) of local group "Users" as string)
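
One way to review the "Local Admins" results across many computers, as an added example that is not part of the original analysis or the commenters' code: it splits the ", "-concatenated value, rewrites "COMPUTERNAME\member" as ".\member" (the normalization described in the comments on this page), and reports members missing from an approved baseline. The function names, computer names, sample values and allow-list are assumptions constructed for illustration.

```python
# Added example: post-process exported "Local Admins" results (constructed data).

def normalize_member(member, computer_name):
    """Rewrite COMPUTERNAME\\member as .\\member; leave domain members as-is."""
    prefix = computer_name.lower() + "\\"
    if member.lower().startswith(prefix):
        return ".\\" + member.split("\\", 1)[1]
    return member

def parse_local_admins(value, computer_name):
    """Split the ', '-concatenated property value into normalized members."""
    members = [m.strip() for m in value.split(",")]
    return sorted({normalize_member(m, computer_name) for m in members if m})

def unexpected_admins(results, allowed):
    """Map each computer to the admins not on the allow-list (case-insensitive)."""
    allowed_lower = {a.lower() for a in allowed}
    findings = {}
    for computer, value in results.items():
        extra = [m for m in parse_local_admins(value, computer)
                 if m.lower() not in allowed_lower]
        if extra:
            findings[computer] = extra
    return findings

# Constructed sample results: computer name -> "Local Admins" property value.
SAMPLE_RESULTS = {
    "WS-001": "WS-001\\Administrator, WS-001\\helpdesk",
    "WS-002": "WS-002\\Administrator, WS-002\\Jason, D\\Domain Admins",
    "ws-003": "WS-003\\Administrator",
}
# Hypothetical baseline of approved local administrators.
ALLOWED = {".\\Administrator", ".\\helpdesk", "D\\Domain Admins"}

if __name__ == "__main__":
    for computer, extra in unexpected_admins(SAMPLE_RESULTS, ALLOWED).items():
        print(f"{computer}: unexpected local admins: {', '.join(extra)}")
```

Because the property as written only returns members whose name contains the computer name, domain accounts appear in this report only when the results come from a query that includes them.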

Relevance

Used in 57 fixlets and 4 analyses   * Results in a true/false
(name of it = "WinXP" OR name of it = "WinXP-2003" OR (name of it = "WinVista" AND product type of it = nt workstation product type AND NOT x64 of it) OR (name of it = "WinVista" AND product type of it = nt workstation product type AND x64 of it) OR (name of it = "Win7" AND NOT x64 of it) OR (name of it = "Win7" AND x64 of it)) of operating system
Used in 1 analysis   * Results in a true/false
exists local group "Administrators"

Comments

JasonWalker -
(if it as lowercase starts with computer name as lowercase & "\" then ".\" & following text of first "\" of it else it) of (it as string) of sids of members of local groups whose (component string of sid of it = "S-1-5-32-544")
JasonWalker -
A bit late, but I stumbled across this while answering another question. I've posted a method at https://forum.bigfix.com/t/local-admin-users-query/45134/2 to avoid hardcoding the 'Administrators' group name as well as including Domain members, and normalizing all "COMPUTERNAME\member" values into ".\member" for easier filtering across computer names. My final relevance is
q: (if it as lowercase starts with computer name as lowercase & "\" then ".\" & following text of first "\" of it else it) of (it as string) of sids of members of local groups whose (component string of sid of it = "S-1-5-32-544")
A: .\Administrator
A: .\Jason
A: .\admin3
A: D\Domain Admins
AJFP -
I'm guessing this does not show domain users who are added to the local admin? Initial run of this is only showing local users that are added....
jgstew -
There might be a way to generalize this relevance to not hardcode the OS language name for the group. I should look into that someday.
lwright1010 -
love this - satisfied an immediate need in no time at all - thank you - looking forward to adding some other fields of interest.
themode -
rmoe - just substitute "administrator" with the local language equivalent. For instance in French I would have to replace it with "administrateur"
jgstew -
I'm not certain how the relevance would work for other OS languages. I'm not sure if it handles that automatically, or if you would have to adjust the code for every different language.
rmoe -
I'm wondering how the relevance is for other OS languages? As for the Polish or German OS, for example, the local group is not called "Administrators".