cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
mrdaytrade
Engaged Sweeper III
In version 3.5.2.16 I was able to enter an * in the domain column so the local admin accounts on the box would not appear in the Unauthorized Admin report. However, in 4.0 when I enter an * in the domain column and an admin name in the other column it still keeps that admin account in the report.
16 REPLIES 16
Ed_Thibert
Engaged Sweeper
That works perfectly for me.
mrdaytrade
Engaged Sweeper III
Nice! Works like a charm. The % wildcard did the trick. The % wilcard now offers the ability to keep the report as first built or to filter out the local admin on the pc's.
Hemoco
Lansweeper Alumni
Please change the report into the sql below.
This will allow for "%" wildcard in the computer field.

Let me know if this is what you want.

SELECT      TOP 1000000 dbo.tblComputers.ComputerUnique, dbo.tblUsersInGroup.Computername, dbo.tblComputers.Domain, 
dbo.tblOperatingsystem.Description, dbo.tblUsersInGroup.Domainname, dbo.tblUsersInGroup.Username, dbo.tblUsersInGroup.Lastchanged,
dbo.Web40OSName.Compimage AS icon
FROM dbo.tblUsersInGroup INNER JOIN
dbo.tblComputers ON dbo.tblUsersInGroup.Computername = dbo.tblComputers.Computername INNER JOIN
dbo.tblOperatingsystem ON dbo.tblComputers.Computername = dbo.tblOperatingsystem.Computername INNER JOIN
dbo.web40ActiveComputers ON dbo.tblComputers.Computername = dbo.web40ActiveComputers.Computername INNER JOIN
dbo.Web40OSName ON dbo.Web40OSName.Computername = dbo.tblComputers.Computername LEFT OUTER JOIN
(SELECT DISTINCT *
FROM (SELECT dbo.tblComputers.Computer AS Domain, dbo.tblUsers.Name AS Username
FROM dbo.tblComputers INNER JOIN
dbo.tblUsers ON dbo.tblComputers.Computername = dbo.tblUsers.Computername
WHERE dbo.tblUsers.BuildInAdmin = 1
UNION
SELECT tsysadmins.Domain, tsysadmins.AdminName AS username
FROM tsysadmins) DERIVEDTBL) localadmins ON dbo.tblUsersInGroup.Domainname LIKE localadmins.Domain AND
dbo.tblUsersInGroup.Username = localadmins.Username
WHERE (localadmins.Domain IS NULL) AND (localadmins.Username IS NULL) AND (dbo.tblUsersInGroup.Admingroup = 1)
ORDER BY dbo.tblComputers.Computer
sebouh
Engaged Sweeper
You could also leave the query the way it is and just write a custom query that only tells you when the local Administrator account is not called what it should be. Here is that query:

SELECT
dbo.tblComputers.Computer, dbo.tblUsers.Name AS Username
FROM
dbo.tblComputers INNER JOIN dbo.tblUsers ON
dbo.tblComputers.Computername = dbo.tblUsers.Computername
WHERE
(dbo.tblUsers.BuildInAdmin = 1) and (dbo.tblUsers.Name <> 'Administrator')


You just need to change 'Administrator' to whatever you want the name to be.

Sebouh

mrdaytrade
Engaged Sweeper III
You read my mind! I was just thinking the same thing. I'll do that.
mrdaytrade
Engaged Sweeper III
I actualy liked it the old way (3.5). This was where we were able to see the computers on the domain that still have a local admin account with the name Administrator... this is a big no no, and we always were able to detect the PC and correct the situation. Now, 4.0 takes that out of the report without anyway to change that. We have several departments that span across the state, this was a handy way of seeing who was forgetting to rename or delete and add the new admin account.
Hemoco
Lansweeper Alumni
mrdaytrade wrote:
We have several departments that span across the state, this was a handy way of seeing who was forgetting to rename or delete and add the new admin account.

Take a look at report "Computer: Local administrator account name"
mrdaytrade wrote:
I actualy liked it the old way (3.5). This was where we were able to see the computers on the domain that still have a local admin account with the name Administrator... this is a big no no, and we always were able to detect the PC and correct the situation. Now, 4.0 takes that out of the report without anyway to change that. We have several departments that span across the state, this was a handy way of seeing who was forgetting to rename or delete and add the new admin account.


I think the best course of action is for you to is to create a custom report in 4.0 that uses the original query from 3.5.2.

Sebouh
Hemoco
Lansweeper Alumni
See this post : http://www.lansweeper.com/forum/yaf_postst2981_Unauthorized-Administrators-query-change-request.aspx
The query in 3.5 is actually wrong (sebouh is correct)

The local buildin admin ends with -500

http://support.microsoft.com/kb/243330