Managing the Local Administrators with Goverlan
Removing local administrators is an easy way to improve Windows security. Sometimes politics get in the way and you are forced to add local administrators to machines. This can quickly get out of hand.
When a user has local admin rights they can do literally anything they want on their workstation, including downloading and installing applications, uninstalling applications, and even blocking IT staff from administering their workstations. Many users, especially C-level executives, do not want to have to deal with IT to install apps or plugins, and that creates complicated issues and compromises network security.
Goverlan offers very simple management tools that let you report on and control local administrators.
During this demo we will show you how to:
- Find machines with non-compliant/non-authorized local administrators
- Remove non-authorized local administrators, leaving domain admins in place
- Temporarily add users to the local administrators group so they can be productive
- Quickly revoke those rights when needed
- Fully automate the process by having Goverlan remove non-approved admins on a periodic basis
Watch this quick demo and learn about improving network security by managing the local administrator quickly and efficiently using Goverlan. See step-by-step processes below and try Goverlan for free!
The Goverlan Custom/Scope Action used in the demo
Report on local Admins
Report Computer property >> Local Account Database >> Local Groups >> Members >> NT Account Name
CONDITION
Local Account Database >> Local Groups >> NT Account Name = Administrators
Clean up local admins
Execute Computer Action >> Local Account Database >> Local Groups >> Members >> Delete object
CONDITIONS
- Computer condition >> Local Account Database >> Local Groups >> NT Account Name = Administrators (focuses on the Administrators group)
- Computer condition >> Local Account Database >> Local Groups >> NT Account Name NOT= Administrator
- Computer condition >> Local Account Database >> Local Groups >> NT Account Name NOT= Domain Admins
- Computer condition >> Local Account Database >> Local Groups >> NT Account Name NOT= PJLAB DA Group
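The same report and clean-up logic can be cross-checked on a single machine with the built-in Microsoft.PowerShell.LocalAccounts cmdlets. This is an added example, not part of the Goverlan demo: the function names are hypothetical, the PJLAB domain prefix is an assumption, and it matches the built-in Administrator and Domain Admins by well-known RID rather than by name, so a renamed Administrator account is still recognized.

```powershell
# Added example (not Goverlan's own code). Function names are hypothetical.
# 'PJLAB DA Group' is the approved group from the conditions above;
# the 'PJLAB\' domain prefix is an assumption.

function Get-UnapprovedLocalAdmin {
    [CmdletBinding()]
    param(
        # Additional approved principals, matched by DOMAIN\Name (case-insensitive).
        [string[]]$ApprovedName = @('PJLAB\PJLAB DA Group')
    )
    # S-1-5-32-544 is BUILTIN\Administrators on every Windows install,
    # regardless of the display language of the OS.
    Get-LocalGroupMember -SID 'S-1-5-32-544' | Where-Object {
        $sid = $_.SID.Value
        # RID 500 = built-in Administrator (of the machine or of a domain),
        # RID 512 = Domain Admins. Both stay in place, as in the conditions above.
        $wellKnown = $sid -match '^S-1-5-21-\d+-\d+-\d+-(500|512)$'
        -not $wellKnown -and ($ApprovedName -notcontains $_.Name)
    }
}

function Remove-UnapprovedLocalAdmin {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [string[]]$ApprovedName = @('PJLAB\PJLAB DA Group')
    )
    foreach ($member in Get-UnapprovedLocalAdmin -ApprovedName $ApprovedName) {
        # ShouldProcess honours -WhatIf and -Confirm, so a dry run changes nothing.
        if ($PSCmdlet.ShouldProcess($member.Name, 'Remove from local Administrators')) {
            Remove-LocalGroupMember -SID 'S-1-5-32-544' -Member $member
        }
    }
}

# Report first: who is in Administrators without being on the approved list?
Get-UnapprovedLocalAdmin | Select-Object Name, ObjectClass, PrincipalSource, SID

# Dry run of the clean-up; drop -WhatIf only after reviewing the report.
Remove-UnapprovedLocalAdmin -WhatIf
```

Run it from an elevated PowerShell session on the target machine; comparing its report with the Goverlan report is a quick way to confirm the scope action's conditions match what you intended.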
Add logged-in user to local admins actions
Execute Action >> Computer Action >> Local Account Database >> Add Local Group Member
Local Group Name: Administrators
Member UNC Name: Insert >> Logged-in user >> NT Account Name