This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- Archive
- Unauthorized Administrators query change request
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Register to ask a question, start a topic or share an idea
Join the Community
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-26-2010 12:20 AM
I'd like to recommend changing the Unauthorized Administrators report to display the Groupname field before the Domainname field. Domainname and Username are associated with one another (i.e., domainname\username) and having Groupname between them is distracting. Was like this in 3.5.2 and I manually changed the query.
Labels:
- Labels:
-
Archive
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-02-2010 04:39 PM
The fix is implemented in the latest beta (2 March)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-26-2010 04:26 PM
Screen shot is attached. I suggest this as the out of the box query.
Taking a closer look at the query I just realized that it assumes that an administrator in one domain is also considered authorized in another. The WHERE clause in the query is written like this:
WHERE (dbo.tblUsersInGroup.Groupname LIKE 'adm%')
AND (NOT (dbo.tblUsersInGroup.Username IN
(SELECT AdminName
FROM dbo.tsysadmins)))
But in dbo.tsysadmins you define authorized administrators with a Domain and AdminName. The query completely ignores the Domain name.
For example if you had two domains called DOM1 and DOM2. If you had a user called asmith in both domains, but they were only an authorized administrator in DOM1, if they showed up in an Administrator group in DOM2, the query would exclude them.
One more short-coming is that if there are any groups in the domain that start with "Adm" they also get included in the query results. It seems UsersInGroups table includes all domain groups.
This logic should probably be revisited.
Taking a closer look at the query I just realized that it assumes that an administrator in one domain is also considered authorized in another. The WHERE clause in the query is written like this:
WHERE (dbo.tblUsersInGroup.Groupname LIKE 'adm%')
AND (NOT (dbo.tblUsersInGroup.Username IN
(SELECT AdminName
FROM dbo.tsysadmins)))
But in dbo.tsysadmins you define authorized administrators with a Domain and AdminName. The query completely ignores the Domain name.
For example if you had two domains called DOM1 and DOM2. If you had a user called asmith in both domains, but they were only an authorized administrator in DOM1, if they showed up in an Administrator group in DOM2, the query would exclude them.
One more short-coming is that if there are any groups in the domain that start with "Adm" they also get included in the query results. It seems UsersInGroups table includes all domain groups.
This logic should probably be revisited.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-26-2010 09:42 AM
Could you post a screenshot of how you should like it?
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now
Related Content
- Query if current logged user is a local admin in Reports & Analytics
- authorized administrators( in Reports & Analytics
- Unauthorized Administrators report issue in Reports & Analytics
- Editing built-in report: "Unauthorized administrators" to show if user is Enabled in AD in Reports & Analytics
- Unauthorized administrators report wrong in General Discussions
