Members of a local group

system · April 3, 2008, 7:01pm

(imported topic written by BenUK77791)

Hi,

I am trying to return members of a local group on all workstations.

The qna returns fine as:

Q:members of local group “Remote Desktop Users”

A: AD\username

Am having difficulty finding the correct relevance to return all members of this local group accross the domain.

So far have tried:

(name of operating system = “WinXP”) and (members of local group “Remote Desktop Users”)

And

members whose (it as string is not equal to “AD\Domain Admins”) of local group “Remote Desktop Users”

Any help appreciated.

Ben.

BenKus · April 4, 2008, 9:50am

(imported comment written by BenKus)

Hey Ben,

Your second relevance looks good… what is not working about it?

You might improve it by doing a case insensitive compare:

members whose (it as string as lowercase != “ad\domain admins”) of local group “Remote Desktop Users”

Warning on this relevance!!! If this relevance runs on a domain controller, it will list all of the domain users (which are considered local users on domain controllers), which will take a long time (and disrupt normal agent operation on the domain controller) so if you use this relevance, you will want to put it in an analysis with the relevance:

product type of operating system != nt domain controller product type

This will prevent the property from running on domain controllers.

Ben

system · April 4, 2008, 12:16pm

(imported comment written by BenUK77791)

Hi Ben, thanks for your response.

The second relevance doesn’t return anything for some reason.

Using the Relevance debugger the following returns successfully:

members whose (it as string as lowercase != “ad\domain admins”) of local group “Remote Desktop Users”

However, I would have thought using the additional relevance would ensure it would only run on XP desktops:

(name of operating system = “WinXP”) and members whose (it as string as lowercase != “ad\domain admins”) of local group “Remote Desktop Users”

In the debugger this returns ‘Type Error’ the right operand of ‘and’ must have type ‘singular boolean’ (it has type ‘plural local group member’ now)

I need to return any members of the local group ‘Remote Desktop Users’ on all XP machines.

Thanks for your help.

Ben.

system · April 4, 2008, 11:01pm

(imported comment written by jessewk)

Try:

if name of operating system = “WinXP” then members whose (it as string as lowercase != “ad\domain admins”) of local group “Remote Desktop Users” else nothing

system · April 7, 2008, 12:25pm

(imported comment written by BenUK77791)

Hi Ben,

Again this returns correctly in QNA and relevance debugger but has no applicable computers when run as a Fixlet message.

Would this be more successful as an analysis?.

Thanks,

Ben.

system · April 7, 2008, 12:44pm

(imported comment written by BenUK77791)

Hi Ben, ignore the above post, analysis seems to be working.

Thanks for your help.

Ben.