Hi,
We have analysis to fetch desired group details from local Admin group of server, which is perfectly working fine but its not capturing restricted AD group which are added in local admin group. So is there any way we can capture these things too.
(concatenation “|” of (members of local group “Administrators” as string as lowercase)) contains (“domain\group_or_username” as lowercase)
any help here pls, any other option to capture restricted desired group from all endpoints.
Are you looking for the name of the nested group(s) or the members of the nested group(s)?
Tim, I am looking for nested group not the members, using mentioned analysis code able get normal group but not the restricted group, means group is added in administrators but is hidden thus analysis unable to capture it & getting FALSE statement.
By “restricted group”, do you mean the local group members that are enfroced by Group Policy are not visible as members to BigFix? The local group nembership is being enforced as described here? https://support.microsoft.com/en-us/help/279301/description-of-group-policy-restricted-groups
I am confused with Restricted Group by GPO so dont want to get into it.
My only concern is one of our AD group which is added in local admin group on most of servers which is not visible or bigfix agent could not able to catch it using mentioned analysis.
So question is how to validate that & if we cant validate hidden groups in local admin group, is there any other option we can check the access on any server by supply specific credentials using bigfix & capture output.