Local Administrator

Hi Folks,

show multiple results “name of administrator of client”

Please suggest how to get the name of the local admin.

Thanks in advance

Are you trying to get the administrators of the OS or of this BigFix Endpoint? For the BigFix agent you already have the right info.

If you are trying to get the OS then maybe

members of local group "Administrators"

Thanks for reply …

I used this; it is showing multiple entries.

You could do:

  1. Concatenations "; " of names of members of local group "Administrators" and that should give you a list of them viewable in the console
  2. You can just mouse over the, “” to view all of them in the console
  3. You can use Web Reports to view them all

I used concatenation; it shows only the local admin access account (standard account which has admin privilege) for all machines.

We want a list of domain users who have local admin access.

Thanks in advance

Then you are going to get multiple entries. The members of local group "Administrators" relevance will show any groups that have access that are AD based and you will have to use some AD queries in other places to get that.

Not sure exactly what you are trying to get, maybe if you start with an example of what you are trying to get.

Thanks for reply

Yes … it shows all groups… we require only AD user.

It is showing multiple results…

I accidentally made a reply to this as its own topic yesterday night… but here is my actual reply:

So I can't seem to figure out how to print out all of the members of a domain group with BigFix (this might be intentional due to the slowness of an LDAP query…)

You could also write a script that gets this information (Like with Powershell) and then output it to a file and read it with an analysis

First I’d make a fixlet…
But – you could use a script like this: https://gallery.technet.microsoft.com/scriptcenter/Get-LocalGroupMembership-c6168cfd

Maybe make another script that calls Import-Module and then the command Get-LocalGroupMembership and puts the output to a file

Call the script using this:
waithidden powershell -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -File ".ps1"

Then you could make an analysis that reads the contents of the file


Would something like this work for you?

members whose (it as string does not start with computer name) of local group "Administrators"

This should exclude any local account and leave you with however many domain accounts are members (you can also concatenate into a singular)

I think his issue is due to not being able to evaluate the members of groups in the administrators group. Getting explicit members is easy but knowing who is a member of the domain admins group (or any other group) is more challenging.
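
The script-plus-analysis approach and the "exclude local accounts" filter suggested above, combined as an added example that is not part of the original thread and not code from any poster. It assumes Windows PowerShell 5.1 with the built-in `Get-LocalGroupMember` cmdlet, and the output path is a hypothetical location chosen for illustration. Domain groups are listed as members but not expanded, which is the limitation the last reply describes.

```powershell
# Added example: record every non-local member of the built-in Administrators
# group in a text file that a BigFix analysis can read line by line.
# Assumption: $OutFile is a hypothetical path, not one named in the thread.
$OutFile = 'C:\Windows\Temp\local-admin-nonlocal-members.txt'

# First line is always written, so the analysis can tell "no domain members"
# apart from "script never ran" and can check how old the data is.
$lines = @("# collected $(Get-Date -Format o) on $env:COMPUTERNAME")

try {
    # Look the group up by its well-known SID (S-1-5-32-544) instead of by
    # name, because the name "Administrators" is localized on non-English Windows.
    # Note: this cmdlet is not available in 32-bit PowerShell on 64-bit Windows,
    # and it can throw when the group contains an orphaned SID; both cases end
    # up in the catch block below.
    $members = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop

    # PrincipalSource is "Local" for accounts defined on this machine and a
    # directory source (for example "ActiveDirectory") for everything else.
    $nonLocal = $members | Where-Object { $_.PrincipalSource -ne 'Local' }

    foreach ($m in $nonLocal) {
        # ObjectClass is "User" or "Group". A "Group" row is a domain group
        # whose own members are NOT expanded here; resolving them needs a
        # directory query made elsewhere.
        $lines += '{0}|{1}|{2}|{3}' -f $m.ObjectClass, $m.PrincipalSource, $m.Name, $m.SID.Value
    }
}
catch {
    # Record the failure in the file rather than leaving stale results behind.
    $lines += "ERROR|$($_.Exception.Message)"
}

Set-Content -Path $OutFile -Value $lines -Encoding ASCII
```

Rows beginning with `Group|` are the ones to follow up on in the directory, since each can grant local admin rights to any number of domain users.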