Kaseya Community

Local Admin Rights

  • Is Kaseya able to pull who has local admin rights on a PC?

    Thanks
    Kerry

    Legacy Forum Name: Local Admin Rights,
    Legacy Posted By Username: kerrya
  • http://community.kaseya.com/xsp/f/132/t/10188.aspx



    The key word in the search was Audit (took me a while to find it, and I could remember seeing it).



    Basically, you're using the "net" command to spit out the members of the local admin group:



    net localgroup administrators



    The script in the linked post will dump it into your agent log.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: dwujcik
  • Thanks for the reply. I will give this a try.

    Kerry

    Legacy Forum Name: How-To,
    Legacy Posted By Username: kerrya
  • Hi

    I use this to get what's there now. (lynxtemp is the variable name of our Kaseya temp folder)


    Script Name: 5.4.1.1 Local Administrators Membership Pt1
    Script Description: [GMC]
    Writes the membership of the local administrators group account to a log file #lynxtemp#\local_administrators_membership.log. Get File and upload to KServer

    IF True
    THEN
    Get Variable
    Parameter 1 : 10
    Parameter 2 :
    Parameter 3 : lynxtemp
    OS Type : 0
    Execute Shell Command
    Parameter 1 : net localgroup administrators >> #lynxtemp#\local_administrators_membership.log
    Parameter 2 : 1
    OS Type : 0
    Get File
    Parameter 1 : #lynxtemp#\local_administrators_membership.log
    Parameter 2 : ..\Docs\LocalAdmins\local_administrators_membership.log
    Parameter 3 : 0
    OS Type : 0
    Write Script Log Entry
    Parameter 1 : 5.4.1.1 Local Administrators Group Membership was tested for changes
    OS Type : 0
    ELSE




    If you want to monitor changes, I use a 2 part script and the Get File Alert under Monitoring.

    Run this every hour (or whenever).

    Script Name: 5.4.1.1 Local Administrators Membership Pt1
    Script Description: [GMC]
    Writes the membership of the local administrators group account to a log file #lynxtemp#\local_administrators_membership.log. Get File and upload to KServer

    IF True
    THEN
    Get Variable
    Parameter 1 : 10
    Parameter 2 :
    Parameter 3 : lynxtemp
    OS Type : 0
    Execute Shell Command
    Parameter 1 : net localgroup administrators >> #lynxtemp#\local_administrators_membership.log
    Parameter 2 : 1
    OS Type : 0
    Get Variable
    Parameter 1 : 1
    Parameter 2 : #lynxtemp#\local_administrators_membership.log
    Parameter 3 : admins
    OS Type : 0
    Get File
    Parameter 1 : #lynxtemp#\local_administrators_membership.log
    Parameter 2 : ..\Docs\LocalAdmins\local_administrators_membership.log
    Parameter 3 : 0
    OS Type : 0
    Write Script Log Entry
    Parameter 1 : Local Administrators Group Membership was tested for changes
    OS Type : 0
    ELSE


    Then, you set the Get File monitoring Alert to either alarm or e-mail, or, as I do, call a script which sends me a custom e-mail, which contains the contents of the log file. We use standard membership of our local Admin accounts, and grant membership from our Server, so we don't want anybody editing local membership at all. It's hard to police.

    http://macnamaratech.blogspot.com/2010/07/administrator-privileges-control-and.html

    Geoff

    Legacy Forum Name: How-To,
    Legacy Posted By Username: geoff@lynxcomputing.com
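
An added example (not part of the thread or of Geoff's scripts): because the script appends with `>>`, the uploaded log holds one `net localgroup administrators` listing per run. This Python code splits the log into runs and compares the newest membership with the previous run and with an approved list. The sample log, the `EXAMPLE` domain, `jsmith` and the `APPROVED` set are constructed, and English-locale `net` output is assumed.

```python
import re

# Constructed sample of one run's output (English locale); two runs appended by `>>`.
RUN = """Alias name     administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
{members}
The command completed successfully.

"""
SAMPLE_LOG = (RUN.format(members="Administrator\nEXAMPLE\\Domain Admins")
              + RUN.format(members="Administrator\nEXAMPLE\\Domain Admins\nEXAMPLE\\jsmith"))
# Hypothetical approved membership (assumption); replace with your own standard.
APPROVED = {"administrator", r"example\domain admins"}

def parse_snapshots(text):
    """Return one set of member names per completed `net localgroup` run."""
    snapshots, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if re.fullmatch(r"-{10,}", line):        # dashed separator opens the member list
            current = set()
        elif line.startswith("The command completed"):
            if current is not None:
                snapshots.append(current)
            current = None                       # runs without this line are discarded
        elif current is not None and line:
            current.add(line.lower())            # account names are case-insensitive
    return snapshots

def drift(snapshots, approved):
    """Compare the newest snapshot with the approved set and with the previous run."""
    if not snapshots:
        raise ValueError("no complete snapshot found in log")
    latest = snapshots[-1]
    previous = snapshots[-2] if len(snapshots) > 1 else latest
    return {
        "unapproved": sorted(latest - approved),
        "missing": sorted(approved - latest),
        "added_since_last_run": sorted(latest - previous),
        "removed_since_last_run": sorted(previous - latest),
    }

if __name__ == "__main__":
    for key, names in drift(parse_snapshots(SAMPLE_LOG), APPROVED).items():
        print(f"{key}: {names}")
```

A run that was cut off before its "The command completed successfully." line is ignored, so a failed or interrupted command does not register as a membership change.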