GMFDE
Engaged Sweeper III
One of our company policies is that no one is allowed to have their normal user ID in the local machine admin group. However, we do allow for some exceptions and have a request process in place that lets us track these exceptions. It has come to me to start generating reports of users that have somehow managed to get their user ID into the local machine admin group without requesting an exception. The "Computer: Unauthorized Administrators" report seems perfect for this task. However, I've run into the issue described next.

When adding Administrator Names to the list, it appears the only way I can get it to work is by putting just a % in the Domain/Computer field.

I've tried too many variants to list but some of them are:

MYDOMAIN/COMPUTERNAME
mycomputer.fqdn
%MYCOMPUTERNAME%


I've also tried using the full AD name for the "Administrator Name" such as: ADDOMAIN\USERID.

Obviously, the desired goal would be to have one entry for the computer name with one entry for the matching user ID. Even in the case where a user has multiple machines on which he is authorized to be local admin, it seems I should be able to accommodate this. What happens now when I put the single % in the field is the report becomes useless.

Any suggestions?



6 REPLIES
GMFDE
Engaged Sweeper III
Sigh,

Ok, this is now the third item I've identified that used to work in previous versions that no longer works in current versions.

Thinking our investment in your product might have been short-sighted.
Hemoco
Lansweeper Alumni
GMFDE wrote:
Sigh,

Ok, this is now the third item I've identified that used to work in previous versions that no longer works in current versions.

Thinking our investment in your product might have been short-sighted.

Admin authorization has always worked like this, in Lansweeper 4.2 as well.
Hemoco
Lansweeper Alumni
Please note that you cannot authorize domain accounts for specific computers. This is not currently supported. You can only authorize:
- A local user account for a specific computer.
- A domain account for an entire domain.
GMFDE
Engaged Sweeper III
Casus71,

Gave it a try but no joy.

Tried several variations as well, again with no luck.

Any chance of a Dev remarking on this?
GMFDE
Engaged Sweeper III
Casus71,

Thanks, I'll give that a try and let the forum know if it worked.
Casus71
Engaged Sweeper
Fresh after installing Lansweeper 5, I'm facing a similar dilemma: trying to tell Lansweeper about domain users/groups administering not entire domains but only selected computers.

BTW I'm pretty much surprised by the changes in Lansweeper, except for the chronic imperfection mentioned above.

IIRC a few years ago (in Lansweeper 3.x) I was using values like "domainname\username" for that purpose, probably with some modification of the report "Computer: Unauthorized Administrators".

Suggestion may be like this: use usernames in the form "domainname\username", following the SQL from the report "Computer: Unauthorized Administrators" make a better one, and remember, don't upgrade Lansweeper if the modification succeeded! ;-]
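The per-computer exception check discussed in this thread, as an added example that is not Lansweeper's report SQL or any poster's code. It assumes the exception fields are matched with SQL LIKE semantics, and the table and column names (`local_admins`, `exceptions`) and all sample rows are hypothetical; it shows why a bare `%` entry hides a real finding.

```python
import sqlite3

# Constructed sample data; table/column names are hypothetical, not Lansweeper's schema.
ADMINS = [  # (computer, account domain, username) found in the local Administrators group
    ("PC-001", "MYDOMAIN", "alice"),
    ("PC-002", "MYDOMAIN", "alice"),
    ("PC-002", "MYDOMAIN", "bob"),
    ("PC-003", "PC-003", "localsvc"),
]
PER_COMPUTER = [  # one approved exception per (computer, domain, user)
    ("PC-001", "MYDOMAIN", "alice"),
    ("PC-003", "PC-003", "localsvc"),
]
WILDCARD = [("%", "%", "alice")]  # mimics putting a bare % in the field

# Keeping computer and account domain in separate columns lets one row
# authorize a domain account on exactly one machine.
# Caveat: LIKE also treats "_" as a single-character wildcard.
QUERY = """
SELECT a.computer, a.domain || '\\' || a.username
FROM local_admins a
WHERE NOT EXISTS (
    SELECT 1 FROM exceptions e
    WHERE a.computer LIKE e.computer
      AND a.domain   LIKE e.domain
      AND a.username LIKE e.username)
ORDER BY a.computer, a.username
"""

def unauthorized(admins, exceptions):
    """Return (computer, DOMAIN\\user) rows that have no matching exception."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE local_admins (computer TEXT, domain TEXT, username TEXT)")
    db.execute("CREATE TABLE exceptions (computer TEXT, domain TEXT, username TEXT)")
    db.executemany("INSERT INTO local_admins VALUES (?, ?, ?)", admins)
    db.executemany("INSERT INTO exceptions VALUES (?, ?, ?)", exceptions)
    rows = db.execute(QUERY).fetchall()
    db.close()
    return rows

if __name__ == "__main__":
    print("per-computer:", unauthorized(ADMINS, PER_COMPUTER))
    print("bare % entry:", unauthorized(ADMINS, WILDCARD))
```

With the per-computer list, alice's unrequested admin rights on PC-002 are reported; with the bare `%` entry they disappear from the report.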