One of our company policies is that no one is allowed to have their normal user ID in the local machine admin group. However, we do allow for some exceptions and have a request process in place that lets us track these exceptions. It has come to me to start generating reports of users that have somehow managed to get their user ID into the local machine admin group without requesting an exception. The "Computer: Unauthorized Administrators" report seems perfect for this task. However, I've run into the issue described next.
When adding Administrator Names to the list, it appears the only way I can get it to work is by putting just a % in the Domain/Computer field.
I've tried too many variants to list, but some of them are:
MYDOMAIN/COMPUTERNAME
mycomputer.fqdn
%MYCOMPUTERNAME%
I've also tried using the full AD name for the "Administrator Name" such as: ADDOMAIN\USERID.
Obviously, the desired goal would be to have one entry for the computer name with one entry for the matching user ID. Even in the case where a user has multiple machines on which he is authorized to be local admin, it seems I should be able to accommodate this. What happens now when I put the single % in the field is that the report becomes useless.
Any suggestions?