Scope Action – Find Non Compliant Local Administrators and remove them!

Summary

Use this Goverlan Scope Action to find out who is in the local administrator group on your Windows workstations.

**Disclaimer: These tutorials are for demonstration purposes. Please test all Scope Actions before deploying them into production.**

Information

This is a useful report for auditing the local admins group on your machines. Take the scope action a step further and automatically remove the non-compliant admins as well.

Step 1 – Starting a new Scope Action

If you have never created a Scope Action before, please refer to the below video and the Scope Action Creation Basics article for more information.

Step 2 – Creating a Non-compliant Local Admins Audit Report

The action module should consist of the following Report Item:
Add \ Remove –> Report Computer Property –> Local Account Database –> Local Groups –> Members –> AD Account Name

TIP: Instead of choosing “Members”, try choosing “Members (Effective)” to recurse the groups and get more information on who exactly has local administrative rights. See this () for more information on Recursive Group reporting.

Step 3 – Filtering out known accounts

You will need a filter that selects the local admins group and filters out the accounts that should be in the group.

Use the “Only if the following is true” section to create the filter:
Add \ Remove –> Set Computer Condition –> Local Account Database –> Local Groups –> NT Account Name
The condition should be set to “=”
The Desired Value should be Administrators

Next, filter out the accounts and groups that should not appear in the report. These are the accounts that should be present in the local admins group.
Add \ Remove –> Set Computer Condition –> Local Account Database –> Local Groups –> Members –> NT Account Name
The condition should be set to “NOT =”
The Desired Value should be “Administrator” or the name of your local admin account.

Add a new condition for each “Members –> NT Account Name” value that should not appear in the report.

Report Sample

Optional Step – Removing Non-Compliant Admins

Create a new action module and add the following action.

Add \ Remove –> Execute Computer Action –> Local Account Database –> Local Groups –> Members –> Delete Object

Create the same filter as in Step 3. Goverlan will remove all users or groups EXCEPT the ones specified in the list.

NOTE: YOU MUST NOW CREATE THE SAME FILTER AS IN STEP 3! NOT DOING THIS WILL TELL GOVERLAN TO REMOVE ALL MEMBERS!

Re-run the report from Step 2 to verify your results.
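
To cross-check the Scope Action's results on a single workstation, the same allow-list filter from Step 3 can be reproduced with the built-in Windows LocalAccounts cmdlets. This is an added example, not Goverlan code or part of the original tutorial; the function name `Get-NonCompliantAdmin` and the account names in `$Allowed` are hypothetical placeholders.

```powershell
# Added example, not Goverlan code. Names in $Allowed are constructed placeholders.
$AdminsSid = 'S-1-5-32-544'          # well-known SID of BUILTIN\Administrators
$Allowed   = @('Administrator', 'CORP\Domain Admins')

function Get-NonCompliantAdmin {
    # Hypothetical helper: returns the members that are NOT on the allow-list.
    param([string[]] $Member, [string[]] $AllowList)

    # Same failure mode as the NOTE above: with no filter, every member would be
    # selected, so stop instead of returning the whole group.
    $entries = @($AllowList | Where-Object { $_ -and $_.Trim() })
    if ($entries.Count -eq 0) { throw 'Allow-list is empty; refusing to select every member.' }

    # A bare name means a local account on this machine, so "Administrator"
    # does not also approve a domain account with the same name.
    $qualified = foreach ($e in $entries) {
        $e = $e.Trim()
        if ($e.Contains('\')) { $e } else { "$env:COMPUTERNAME\$e" }
    }

    # -notcontains compares case-insensitively, like Windows account names.
    $Member | Where-Object { $_ -and ($qualified -notcontains $_) }
}

# Offline check of the filter on constructed membership data (not from the page):
$sample = "$env:COMPUTERNAME\Administrator", 'CORP\Domain Admins', 'CORP\jdoe', 'CORP\Administrator'
Get-NonCompliantAdmin -Member $sample -AllowList $Allowed

# Live audit, then a preview of the removal. -WhatIf only prints what would be
# removed; drop it once the reported list matches the Step 2 report.
$members = Get-LocalGroupMember -SID $AdminsSid
$extra   = @(Get-NonCompliantAdmin -Member $members.Name -AllowList $Allowed)
foreach ($name in $extra) {
    Remove-LocalGroupMember -SID $AdminsSid -Member $name -WhatIf
}
```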
