Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-26-2010 12:20 AM
I'd like to recommend changing the Unauthorized Administrators report to display the Groupname field before the Domainname field. Domainname and Username are associated with one another (i.e., domainname\username) and having Groupname between them is distracting. Was like this in 3.5.2 and I manually changed the query.
Labels:
- Labels:
-
Archive
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-02-2010 04:39 PM
The fix is implemented in the latest beta (2 March)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-26-2010 04:26 PM
Screen shot is attached. I suggest this as the out of the box query.
Taking a closer look at the query I just realized that it assumes that an administrator in one domain is also considered authorized in another. The WHERE clause in the query is written like this:
WHERE (dbo.tblUsersInGroup.Groupname LIKE 'adm%')
AND (NOT (dbo.tblUsersInGroup.Username IN
(SELECT AdminName
FROM dbo.tsysadmins)))
But in dbo.tsysadmins you define authorized administrators with a Domain and AdminName. The query completely ignores the Domain name.
For example if you had two domains called DOM1 and DOM2. If you had a user called asmith in both domains, but they were only an authorized administrator in DOM1, if they showed up in an Administrator group in DOM2, the query would exclude them.
One more short-coming is that if there are any groups in the domain that start with "Adm" they also get included in the query results. It seems UsersInGroups table includes all domain groups.
This logic should probably be revisited.
Taking a closer look at the query I just realized that it assumes that an administrator in one domain is also considered authorized in another. The WHERE clause in the query is written like this:
WHERE (dbo.tblUsersInGroup.Groupname LIKE 'adm%')
AND (NOT (dbo.tblUsersInGroup.Username IN
(SELECT AdminName
FROM dbo.tsysadmins)))
But in dbo.tsysadmins you define authorized administrators with a Domain and AdminName. The query completely ignores the Domain name.
For example if you had two domains called DOM1 and DOM2. If you had a user called asmith in both domains, but they were only an authorized administrator in DOM1, if they showed up in an Administrator group in DOM2, the query would exclude them.
One more short-coming is that if there are any groups in the domain that start with "Adm" they also get included in the query results. It seems UsersInGroups table includes all domain groups.
This logic should probably be revisited.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-26-2010 09:42 AM
Could you post a screenshot of how you should like it?
