This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Community FAQ
Register | Log In
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- Reports & Analytics
- Windows: Unauthorized Administrators (Built-in)
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Register to ask a question, start a topic or share an idea
Join the Community
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-20-2014 12:53 PM
Old name: Computer: Unauthorized Administrators (Built-in)
The report below lists unauthorized members of your Windows computers' local administrator group, users that have not been marked as authorized under Configuration\User Pages in the web console. More info on the admin authorization feature can be found in this knowledge base article.
The report will only list assets that meet all of the following criteria:
The report below lists unauthorized members of your Windows computers' local administrator group, users that have not been marked as authorized under Configuration\User Pages in the web console. More info on the admin authorization feature can be found in this knowledge base article.
The report will only list assets that meet all of the following criteria:
- The asset state is set to "active".
- The asset has been successfully scanned at least once.
- The asset is a Windows computer.
- The Windows computer has an admin who is not built-in and who is not on the list of authorized admins under Configuration\User Pages.
SELECT Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.IPAddress,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tsysOS.OSname As OS,
tblAssets.SP,
tblAssets.Lastseen,
tblAssets.Lasttried,
tblUsersInGroup.Domainname as unauthorizedDomain,
tblUsersInGroup.Username as unauthorizedUser,
tblUsersInGroup.Lastchanged
FROM tblAssets
Inner Join tblUsersInGroup ON tblUsersInGroup.AssetID = tblAssets.AssetID
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID = tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
WHERE
(NOT EXISTS ( SELECT tblAssets.AssetName AS Domain, tblUsers.Name AS Username FROM tblAssets INNER JOIN tblUsers ON tblAssets.AssetID = tblUsers.AssetID
WHERE (Case tblUsers.BuildInAdmin when 1 then 'Yes' else 'No' end) = 'Yes' AND (tblUsersInGroup.Domainname = tblAssets.AssetName) AND (tblUsersInGroup.Username = tblUsers.Name))
AND NOT EXISTS( SELECT Domain, AdminName AS username FROM tsysadmins WHERE (tblUsersInGroup.Domainname LIKE Domain) AND (tblUsersInGroup.Username LIKE AdminName)))
AND (Case tblUsersInGroup.Admingroup when 1 then 'Yes' else 'No' end) = 'Yes'
AND tblState.Statename = 'Active'
Order By tblAssets.Domain, tblAssets.AssetName
Labels:
- Labels:
-
Built-In Reports
-
Report Center
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2 weeks ago
Hi, I really like your report. I would like to show only the unauthorized administrators, considering up to 3 or 4 levels of group nesting.
For example, I have GroupA, which is a member of Administrators, GroupB, which is a member of GroupA, and User1, who is a member of GroupB.
I know Lansweeper allows adding authorized users and groups manually, but I would prefer not to add all of them by hand.
Could you please help me with this? Thank you!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-20-2020 09:01 PM
Here is my change to our query to allow the ability to authorize domain user for specific computer:
SELECT TOP 1000000 tsysOS.IMAGE AS icon
,tblAssets.AssetID
,tblAssets.AssetName
,tblUsersInGroup.Domainname
,tblUsersInGroup.Username
,tblUsersInGroup.Lastchanged
,tblAssets.Domain
,tblAssets.IPAddress
,tblAssets.Description
,tblAssetCustom.Manufacturer
,tblAssetCustom.Model
,tblAssetCustom.Location
,tsysIPLocations.IPLocation
,tsysOS.OSname AS OS
,tblAssets.SP AS SP
,tblAssets.Firstseen
,tblAssets.Lastseen
FROM tblUsersInGroup
INNER JOIN tblAssets ON tblUsersInGroup.AssetID = tblAssets.AssetID
INNER JOIN tblAssetCustom ON tblAssets.AssetID = tblAssetCustom.AssetID
INNER JOIN tsysOS ON tblAssets.OScode = tsysOS.OScode
LEFT JOIN tsysIPLocations ON tsysIPLocations.StartIP <= tblAssets.IPNumeric
AND tsysIPLocations.EndIP >= tblAssets.IPNumeric
WHERE NOT EXISTS (
SELECT tblAssets.AssetName AS Domain
,tblUsers.Name AS Username
FROM tblAssets
INNER JOIN tblUsers ON tblAssets.AssetID = tblUsers.AssetID
WHERE tblUsers.BuildInAdmin = 1
AND tblUsersInGroup.Domainname = tblAssets.AssetName
AND tblUsersInGroup.Username = tblUsers.Name
)
AND NOT EXISTS (
SELECT tsysadmins.Domain
,tsysadmins.AdminName AS username
FROM tsysadmins
WHERE ( tblUsersInGroup.Domainname LIKE tsysadmins.Domain
AND tblUsersInGroup.Username LIKE tsysadmins.AdminName )
OR ( tblassets.AssetName LIKE tsysadmins.Domain
AND tblUsersInGroup.Username LIKE tsysadmins.AdminName )
)
AND tblUsersInGroup.Admingroup = 1
AND tblAssetCustom.STATE = 1
ORDER BY tblAssets.AssetName
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-12-2019 09:13 PM
We need the ability to authorize a domain user for a specific computer. This report has very limited usefulness without that.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-12-2019 09:56 PM
bnishan wrote:
We need the ability to authorize a domain user for a specific computer. This report has very limited usefulness without that.
This is what I came up with. Just replace %DOMAIN% with your domain.
Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblUsersInGroup.Username,
tblUsersInGroup.Domainname,
tblUsersInGroup.Groupname
From tblAssets
Inner Join tblUsersInGroup On tblAssets.AssetID = tblUsersInGroup.AssetID
Where tblUsersInGroup.Username != 'Administrator' And
tblUsersInGroup.Groupname = 'Administrators' And
Not Exists(Select tsysadmins.Domain,
tsysadmins.AdminName From tsysadmins
Where (tblAssets.AssetName Like tsysadmins.Domain Or
tsysadmins.Domain Like '%DOMAIN%') And tblUsersInGroup.Username Like
tsysadmins.AdminName)
Order By tblAssets.AssetName
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-12-2019 10:02 PM
Lancreeper wrote:bnishan wrote:
We need the ability to authorize a domain user for a specific computer. This report has very limited usefulness without that.
This is what I came up with. Just replace %DOMAIN% with your domain.
Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblUsersInGroup.Username,
tblUsersInGroup.Domainname,
tblUsersInGroup.Groupname
From tblAssets
Inner Join tblUsersInGroup On tblAssets.AssetID = tblUsersInGroup.AssetID
Where tblUsersInGroup.Username != 'Administrator' And
tblUsersInGroup.Groupname = 'Administrators' And
Not Exists(Select tsysadmins.Domain,
tsysadmins.AdminName From tsysadmins
Where (tblAssets.AssetName Like tsysadmins.Domain Or
tsysadmins.Domain Like '%DOMAIN%') And tblUsersInGroup.Username Like
tsysadmins.AdminName)
Order By tblAssets.AssetName
Thanks, worked like a charm
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-29-2019 10:32 PM
The KB article states "Authorizing a domain user for a specific computer is not currently possible." Is this possible using a different query?
Reports & Analytics
Ask about reports you're interested in and share reports you've created. Subscribe to receive daily updates of reports shared in the Community.
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now
Related Content
- Unauthorized administrators with 3 levels in Reports & Analytics
- Internet Explorer 11 reported even after removing it in Reports & Analytics
- authorized administrators( in Reports & Analytics
- Unauthorized Administrators report issue in Reports & Analytics
- Editing built-in report: "Unauthorized administrators" to show if user is Enabled in AD in Reports & Analytics
