This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Allowed Administrator, odd issue

GMFDE
Engaged Sweeper III

‎09-06-2013 06:15 PM

One of our company policies is that no one is allowed to have their normal user ID in the local machine admin group. However, we do allow for some exceptions and have a request process in place that lets us track these exceptions. It has come to me to start generating reports of users that have somehow managed to get their user ID into the local machine admin group without requesting an exception. The "Computer: Unauthorized Administrators" report seems perfect for this task. However, I've run into the issue described next.

When adding Administrator Names to the list, it appears the only way I can get it to work is by putting just a % in the Domain/Computer field.

I've tried too many variants to list but some of them are:

MYDOMAIN/COMPUTERNAME
mycomputer.fqdn
%MYCOMPUTERNAME%


I've also tried using the full AD name for the "Administrator Name" such as: ADDOMAIN\USERID.

Obviously, the desired goal would be to have one entry for the computer name with one entry for the matching user ID. Even in the case of where a user has multiple machines that he is authorized to be local admin, it seems I should be able to accommodate this. What happens now when I put the single % in the field is the report becomes useless.

Any suggestions?



Labels:
0 Kudos
6 REPLIES 6
GMFDE
Engaged Sweeper III

‎09-18-2013 08:43 PM

Sigh,

Ok, this is now the third item I've identified that used to work in previous versions that no longer works in current versions.

Thinking our investment in your product might have been short-sighted.
0 Kudos
Hemoco
Lansweeper Alumni
In response to GMFDE

‎09-19-2013 11:34 AM

GMFDE wrote:
Sigh,

Ok, this is now the third item I've identified that used to work in previous versions that no longer works in current versions.

Thinking our investment in your product might have been short-sighted.

Admin authorization has always worked like this, in Lansweeper 4.2 as well.
0 Kudos
Hemoco
Lansweeper Alumni

‎09-18-2013 07:06 PM

Please note that you cannot authorize domain accounts for specific computers. This is not currently supported. You can only authorize:
- A local user account for a specific computer.
- A domain account for an entire domain.
0 Kudos
GMFDE
Engaged Sweeper III

‎09-18-2013 05:31 PM

Casus71,

Gave it a try but no joy.

Tried several variations as well, again with no luck.

Any chance of a Dev remarking on this?
0 Kudos
GMFDE
Engaged Sweeper III

‎09-18-2013 05:22 PM

Casus71,

Thanks, I'll give that a try and let the forum know if it worked.
0 Kudos
Casus71
Engaged Sweeper

‎09-18-2013 04:51 PM

Freshly after installing Lansweeper 5 I'm facing similar dilemma: trying to tell Lansweeper about domain users/groups administrating not all domains but only selected computers.

BTW I'm pretty much surprised with changes in Lansweeper except for chronic imperfection mentioned above.

IIRC a few years ago (in Lansweeper 3.x) I was using for that purpose values like "domainname\username", probably with some modyfication of report "Computer: Unauthorized Administrators".

Sugestion may be like this: use usernames in form "domainname\username", folowing SQL from report "Computer: Unauthorized Administrators" make better one, and remember, don't upgrade Lansweeper if modyfication succeded! ;-]
0 Kudos

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now