This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Allowed Administrators

mrdaytrade
Engaged Sweeper III

‎03-05-2010 04:17 PM

In version 3.5.2.16 I was able to enter an * in the domain column so the local admin accounts on the box would not appear in the Unauthorized Admin report. However, in 4.0 when I enter an * in the domain column and an admin name in the other column it still keeps that admin account in the report.
Labels:
0 Kudos
16 REPLIES 16
Ed_Thibert
Engaged Sweeper

‎03-18-2010 06:03 PM

That works perfectly for me.
0 Kudos
mrdaytrade
Engaged Sweeper III

‎03-18-2010 06:02 PM

Nice! Works like a charm. The % wildcard did the trick. The % wilcard now offers the ability to keep the report as first built or to filter out the local admin on the pc's.
0 Kudos
Hemoco
Lansweeper Alumni

‎03-18-2010 03:36 PM

Please change the report into the sql below.
This will allow for "%" wildcard in the computer field.

Let me know if this is what you want.

SELECT      TOP 1000000 dbo.tblComputers.ComputerUnique, dbo.tblUsersInGroup.Computername, dbo.tblComputers.Domain, 
                        dbo.tblOperatingsystem.Description, dbo.tblUsersInGroup.Domainname, dbo.tblUsersInGroup.Username, dbo.tblUsersInGroup.Lastchanged, 
                        dbo.Web40OSName.Compimage AS icon
FROM          dbo.tblUsersInGroup INNER JOIN
                        dbo.tblComputers ON dbo.tblUsersInGroup.Computername = dbo.tblComputers.Computername INNER JOIN
                        dbo.tblOperatingsystem ON dbo.tblComputers.Computername = dbo.tblOperatingsystem.Computername INNER JOIN
                        dbo.web40ActiveComputers ON dbo.tblComputers.Computername = dbo.web40ActiveComputers.Computername INNER JOIN
                        dbo.Web40OSName ON dbo.Web40OSName.Computername = dbo.tblComputers.Computername LEFT OUTER JOIN
                            (SELECT DISTINCT *
                              FROM           (SELECT      dbo.tblComputers.Computer AS Domain, dbo.tblUsers.Name AS Username
                                                       FROM           dbo.tblComputers INNER JOIN
                                                                               dbo.tblUsers ON dbo.tblComputers.Computername = dbo.tblUsers.Computername
                                                       WHERE       dbo.tblUsers.BuildInAdmin = 1
                                                       UNION
                                                       SELECT      tsysadmins.Domain, tsysadmins.AdminName AS username
                                                       FROM          tsysadmins) DERIVEDTBL) localadmins ON dbo.tblUsersInGroup.Domainname LIKE localadmins.Domain AND 
                        dbo.tblUsersInGroup.Username = localadmins.Username
WHERE      (localadmins.Domain IS NULL) AND (localadmins.Username IS NULL) AND (dbo.tblUsersInGroup.Admingroup = 1)
ORDER BY dbo.tblComputers.Computer
0 Kudos
sebouh
Engaged Sweeper

‎03-06-2010 12:38 AM

You could also leave the query the way it is and just write a custom query that only tells you when the local Administrator account is not called what it should be. Here is that query:

SELECT
dbo.tblComputers.Computer, dbo.tblUsers.Name AS Username
FROM
dbo.tblComputers INNER JOIN dbo.tblUsers ON
dbo.tblComputers.Computername = dbo.tblUsers.Computername
WHERE
(dbo.tblUsers.BuildInAdmin = 1) and (dbo.tblUsers.Name <> 'Administrator')


You just need to change 'Administrator' to whatever you want the name to be.

Sebouh

0 Kudos
mrdaytrade
Engaged Sweeper III

‎03-06-2010 12:10 AM

You read my mind! I was just thinking the same thing. I'll do that.
0 Kudos
mrdaytrade
Engaged Sweeper III

‎03-05-2010 09:32 PM

I actualy liked it the old way (3.5). This was where we were able to see the computers on the domain that still have a local admin account with the name Administrator... this is a big no no, and we always were able to detect the PC and correct the situation. Now, 4.0 takes that out of the report without anyway to change that. We have several departments that span across the state, this was a handy way of seeing who was forgetting to rename or delete and add the new admin account.
0 Kudos
Hemoco
Lansweeper Alumni
In response to mrdaytrade

‎03-06-2010 11:20 AM

mrdaytrade wrote:
We have several departments that span across the state, this was a handy way of seeing who was forgetting to rename or delete and add the new admin account.

Take a look at report "Computer: Local administrator account name"
0 Kudos
sebouh
Engaged Sweeper
In response to mrdaytrade

‎03-05-2010 11:27 PM

mrdaytrade wrote:
I actualy liked it the old way (3.5). This was where we were able to see the computers on the domain that still have a local admin account with the name Administrator... this is a big no no, and we always were able to detect the PC and correct the situation. Now, 4.0 takes that out of the report without anyway to change that. We have several departments that span across the state, this was a handy way of seeing who was forgetting to rename or delete and add the new admin account.


I think the best course of action is for you to is to create a custom report in 4.0 that uses the original query from 3.5.2.

Sebouh
0 Kudos
Hemoco
Lansweeper Alumni

‎03-05-2010 06:33 PM

See this post : http://www.lansweeper.com/forum/yaf_postst2981_Unauthorized-Administrators-query-change-request.aspx
The query in 3.5 is actually wrong (sebouh is correct)

The local buildin admin ends with -500

http://support.microsoft.com/kb/243330
0 Kudos

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now