EV Reach - IT Process Automation Tutorial - Remediating Non-Compliant Local Administrators

Last modified on 2024/01/08 11:17

Caution

   This tutorial is for demonstration purposes. Please test all Scope Actions before deploying them into production.

Objectives

Managing client machine local admin rights manually is a tedious systems management task.

In this tutorial, you will learn to use EV Reach's Process Automation framework to find out who is in the local administrator group on multiple Windows workstations, audit the local admins group for compliance and automatically remove the non-compliant admins as well.

Prerequisites

  • You will need access to the full version of EV Reach and its Process Automation framework. If you don’t currently own a valid license, you can download a free version of our remote access software on our website. The 15-day trial is free and no credit card is required.

Step by Step Tutorial

Step 1: Reporting on Non-compliant Local Admins

1. The action module should consist of the following Report Item:

Add \ Remove --> Report Computer Property --> Local Account Database --> Local Groups --> Members --> AD Account Name

Best Practice: Instead of choosing "Members", try choosing "Members (Effective)" to recurse the groups and get more information on who exactly has local administrative rights. See this () for more information on Recursive Group reporting.


Step 2: Filtering out Known Accounts

You will need a filter to select the local admins group and filter out accounts that should be in the group.

1. Use the "Only if the following is true" section to create the filter: 

  • Add \ Remove --> Set Computer Condition --> Local Account Database --> Local Groups --> NT Account Name
  • The condition should be set to "=". The Desired Value should be "Administrators".

2. Filter out accounts and groups that should not appear in the report. These are accounts that should be present in the local admins group.

  • Add \ Remove --> Set Computer Condition --> Local Account Database --> Local Groups --> Members --> NT Account Name
  • The condition should be set to "NOT =".
  • The Desired Value should be "Administrator" or the name of your local admin account.

3. Add a new condition for each "Members --> NT Account Name" value that should not appear in the report.
 

Step 3: Removing Non-Compliant Admins

1. Create a new action module and add the following action.

Add \ Remove --> Execute Computer Action --> Local Account Database --> Local Groups --> Members --> Delete Object

2. Create the same filter as in Step 2. EV Reach will remove all users or groups EXCEPT the ones specified in the list.

   You must now create the same filter as in Step 2! Not doing this will tell EV Reach to remove all members!

3. Re-run the report from Step 1 to verify your results.
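
To cross-check the result on a single workstation outside EV Reach, the same report, filter and removal logic can be expressed in PowerShell. This is an added example, not EV Reach code or part of the original tutorial; the function name Invoke-LocalAdminAudit and the account names in $allow are hypothetical placeholders.

```powershell
# Added example (not EV Reach code). Run in an elevated Windows PowerShell session.
function Invoke-LocalAdminAudit {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Accounts allowed to stay: the "NOT =" conditions from Step 2.
        # A bare name means a local account on this computer.
        [Parameter(Mandatory)][string[]]$Allowed,
        # Without -Remediate the function only reports (Steps 1 and 2).
        [switch]$Remediate
    )

    # Fail closed: with no filter, every member would be selected for removal,
    # which is the situation the warning in Step 3 describes.
    $keep = @($Allowed | Where-Object { $_ -and $_.Trim() } | ForEach-Object {
        $n = $_.Trim()
        if ($n -notmatch '\\') { "$env:COMPUTERNAME\$n" } else { $n }
    })
    if ($keep.Count -eq 0) { throw 'Allow-list is empty; refusing to continue.' }

    # S-1-5-32-544 is the well-known SID of the built-in Administrators group,
    # so the lookup also works where the group name is localized.
    $adminSid = 'S-1-5-32-544'
    $extra = @(Get-LocalGroupMember -SID $adminSid |
        Where-Object { $_.Name -notin $keep })   # -notin is case-insensitive

    foreach ($m in $extra) {
        if ($Remediate -and
            $PSCmdlet.ShouldProcess($m.Name, 'Remove from local Administrators')) {
            Remove-LocalGroupMember -SID $adminSid -Member $m
        }
        # Emit one row per non-compliant member, removed or not.
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Member   = $m.Name
            Class    = $m.ObjectClass
            Source   = $m.PrincipalSource
        }
    }
}

# Constructed placeholder allow-list; replace with the accounts your policy permits.
$allow = 'Administrator', 'CONTOSO\Workstation Admins'
Invoke-LocalAdminAudit -Allowed $allow                     # report only
Invoke-LocalAdminAudit -Allowed $allow -Remediate -WhatIf  # preview removals
```

Drop -WhatIf only after the report-only output lists exactly the accounts you expect to be removed.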
