Administrators Account Audit

Hello All,

I have been searching and trying everything to get a relevance statement that will tell me if the Admin Group has any accounts that don’t match our standard. I read a lot of different posts but nothing is working.

if (not exists members whose ((following text of last "\" of (it as string as lowercase)) is not contained by set of ("Administrator";"PHFadmin";"PHF\Domain Admins";"PHF\Local Admins")) of local groups "administrators") then ("Compliant") else ("Non-Compliant")

This just comes back Non-Compliant all the time even if I only have the 4 approved accounts.

Any help would be great thanks.

Let’s start with these points …

  • you are comparing a “lowercase” string with constants that contain UPPERCASE letters.
  • you are keeping only the text after the LAST "\" but you are comparing those results to strings that contain "\" characters.

The following Relevance will produce the “strings” you are comparing to your set. Evaluate it on your computer and make note that there are no \ characters and nothing to indicate if the account in question is a Domain or Local account.

Q: (Following Text of last "\" of (it as string as lowercase)) of members of local Group "Administrators"

Okay I understand. I made the tweaks and now it is working a lot better.

But it seems to still not work: if there aren’t any extra accounts but one of the 4 main ones is missing, it still says Compliant. So if Admin Group only has admins, phfadmin, domain admins it will say compliant.

Is there a way so it has to have the exact 4 to be compliant, not any more and not any less?

set of ((Following Text of last "\" of (it as string as lowercase)) of members of local Group "Administrators") = set of ("Administrator";"PHFadmin";"Domain Admins";"Local Admins")

BEAUTIFUL! tweaked it a little bit but that is exactly what I wanted. Thank you to everyone!!!

if (set of ((Following Text of last "\" of (it as string as lowercase)) of members of local Group "Administrators") = set of ("administrator";"phfadmin";"domain admins";"local admins")) then ("Compliant") else ("Non-Compliant")
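Added example, not part of the thread and not BigFix code: a Python model of the checks discussed above, showing why the "no extras" test passes when an account is missing, and what is lost by keeping only the text after the last "\". It assumes members are reported as SCOPE\name and that Administrator and PHFadmin are local accounts; the computer name WKS01, the domain OTHERDOM and all member lists are constructed sample data.

```python
from functools import partial

def short_name(member):
    # Same transform as the thread's Relevance: lowercase, text after last "\".
    return member.lower().rsplit("\\", 1)[-1]

def qualified_name(member, computer):
    # Keep the scope; rewrite the local machine prefix to "." so one
    # approved list works on every endpoint (assumed naming convention).
    scope, sep, name = member.lower().rpartition("\\")
    if not sep or scope == computer.lower():
        scope = "."
    return scope + "\\" + name

def no_extras(members, approved):
    # The "not exists members whose ... is not contained by set" form:
    # only a subset test, so a missing account goes unnoticed.
    return {short_name(m) for m in members} <= {a.lower() for a in approved}

def audit(members, approved, normalise):
    # Exact-set comparison that also reports what differs.
    actual = {normalise(m) for m in members}
    expected = {a.lower() for a in approved}
    return {
        "compliant": actual == expected,
        "missing": sorted(expected - actual),
        "unexpected": sorted(actual - expected),
    }

COMPUTER = "WKS01"  # constructed host name
QUALIFY = partial(qualified_name, computer=COMPUTER)
APPROVED_SHORT = ["administrator", "phfadmin", "domain admins", "local admins"]
APPROVED_QUALIFIED = [".\\Administrator", ".\\PHFadmin",
                      "PHF\\Domain Admins", "PHF\\Local Admins"]

# Constructed membership lists for the local Administrators group.
GOOD = ["WKS01\\Administrator", "WKS01\\PHFadmin",
        "PHF\\Domain Admins", "PHF\\Local Admins"]
MISSING_ONE = GOOD[:3]                               # Local Admins removed
SAME_NAME = GOOD[:3] + ["OTHERDOM\\Local Admins"]    # same name, other scope

if __name__ == "__main__":
    for label, members in (("good", GOOD), ("missing", MISSING_ONE),
                           ("same-name", SAME_NAME)):
        print(label, "subset:", no_extras(members, APPROVED_SHORT))
        print(label, "short :", audit(members, APPROVED_SHORT, short_name))
        print(label, "full  :", audit(members, APPROVED_QUALIFIED, QUALIFY))
```

The short-name comparison reports the SAME_NAME list as compliant, while the qualified comparison lists the differing scope under both "missing" and "unexpected".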