Notification

Icon
Error

Windows: Unauthorized Administrators (Built-in)

Posted: Thursday, November 20, 2014 12:53:12 PM(UTC)
Daniel.B

Daniel.B

Member Original PosterPosts: 1,150
1
Like
Old name: Computer: Unauthorized Administrators (Built-in)

The report below lists unauthorized members of your Windows computers' local administrator group, users that have not been marked as authorized under Configuration\User Pages in the web console. More info on the admin authorization feature can be found in this knowledge base article.

The report will only list assets that meet all of the following criteria:
  • The asset state is set to "active".
  • The asset has been successfully scanned at least once.
  • The asset is a Windows computer.
  • The Windows computer has an admin who is not built-in and who is not on the list of authorized admins under Configuration\User Pages.

Code:

SELECT Top 1000000 tblAssets.AssetID,  
 tblAssets.AssetName,  
tblAssets.Domain,
 tblAssets.Username,
 tblAssets.Userdomain,
 Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
 tblAssets.IPAddress,
 tsysIPLocations.IPLocation,
 tblAssetCustom.Manufacturer,
 tblAssetCustom.Model,
 tsysOS.OSname As OS,
 tblAssets.SP,
 tblAssets.Lastseen,
 tblAssets.Lasttried,
 tblUsersInGroup.Domainname as unauthorizedDomain, 
 tblUsersInGroup.Username as unauthorizedUser,
 tblUsersInGroup.Lastchanged
FROM tblAssets 
 Inner Join tblUsersInGroup ON tblUsersInGroup.AssetID = tblAssets.AssetID 
 Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
 Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
 Inner Join tsysIPLocations On tsysIPLocations.LocationID = tblAssets.LocationID 
 Inner Join tblState On tblState.State = tblAssetCustom.State
 Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
WHERE
 (NOT EXISTS ( SELECT tblAssets.AssetName AS Domain, tblUsers.Name AS Username FROM tblAssets INNER JOIN tblUsers ON tblAssets.AssetID = tblUsers.AssetID
        WHERE (Case tblUsers.BuildInAdmin when 1 then 'Yes' else 'No' end) = 'Yes' AND (tblUsersInGroup.Domainname = tblAssets.AssetName) AND (tblUsersInGroup.Username = tblUsers.Name))
 AND NOT EXISTS( SELECT Domain, AdminName AS username FROM tsysadmins WHERE (tblUsersInGroup.Domainname LIKE Domain) AND (tblUsersInGroup.Username LIKE  AdminName)))
 AND (Case tblUsersInGroup.Admingroup when 1 then 'Yes' else 'No' end) = 'Yes' 
 AND tblState.Statename = 'Active' 
Order By tblAssets.Domain, tblAssets.AssetName
Lancreeper
#1Lancreeper Member Posts: 2  
posted: 7/29/2019 9:32:17 PM(UTC)
The KB article states "Authorizing a domain user for a specific computer is not currently possible." Is this possible using a different query?
bnishan
#2bnishan Member Posts: 3  
posted: 8/12/2019 8:13:15 PM(UTC)
We need the ability to authorize a domain user for a specific computer. This report has very limited usefulness without that.
Lancreeper
#3Lancreeper Member Posts: 2  
posted: 8/12/2019 8:56:54 PM(UTC)
Originally Posted by: bnishan Go to Quoted Post
We need the ability to authorize a domain user for a specific computer. This report has very limited usefulness without that.


This is what I came up with. Just replace %DOMAIN% with your domain.

Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblUsersInGroup.Username,
tblUsersInGroup.Domainname,
tblUsersInGroup.Groupname
From tblAssets
Inner Join tblUsersInGroup On tblAssets.AssetID = tblUsersInGroup.AssetID
Where tblUsersInGroup.Username != 'Administrator' And
tblUsersInGroup.Groupname = 'Administrators' And
Not Exists(Select tsysadmins.Domain,
tsysadmins.AdminName From tsysadmins
Where (tblAssets.AssetName Like tsysadmins.Domain Or
tsysadmins.Domain Like '%DOMAIN%') And tblUsersInGroup.Username Like
tsysadmins.AdminName)
Order By tblAssets.AssetName
bnishan
#4bnishan Member Posts: 3  
posted: 8/12/2019 9:02:30 PM(UTC)
Originally Posted by: Lancreeper Go to Quoted Post
Originally Posted by: bnishan Go to Quoted Post
We need the ability to authorize a domain user for a specific computer. This report has very limited usefulness without that.


This is what I came up with. Just replace %DOMAIN% with your domain.

Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblUsersInGroup.Username,
tblUsersInGroup.Domainname,
tblUsersInGroup.Groupname
From tblAssets
Inner Join tblUsersInGroup On tblAssets.AssetID = tblUsersInGroup.AssetID
Where tblUsersInGroup.Username != 'Administrator' And
tblUsersInGroup.Groupname = 'Administrators' And
Not Exists(Select tsysadmins.Domain,
tsysadmins.AdminName From tsysadmins
Where (tblAssets.AssetName Like tsysadmins.Domain Or
tsysadmins.Domain Like '%DOMAIN%') And tblUsersInGroup.Username Like
tsysadmins.AdminName)
Order By tblAssets.AssetName


Thanks, worked like a charm

Active Discussions

Lansweeper Report on clients with no LSAgent
by  RobertB   Go to last post Go to first unread
Last post: Yesterday at 6:55:32 PM(UTC)
Lansweeper Lansweeper report to match computer name
by  RC62N   Go to last post Go to first unread
Last post: 2/19/2020 5:02:27 PM(UTC)
Lansweeper Distinct user logins per PC
by  Bruce Garoutte   Go to last post Go to first unread
Last post: 2/17/2020 6:36:29 PM(UTC)
Lansweeper Software version report issue
by  RC62N  
Go to last post Go to first unread
Last post: 2/17/2020 4:07:20 PM(UTC)
Lansweeper Patch Tuesday - Exclude Win 2008 & Win7
by  doone128   Go to last post Go to first unread
Last post: 2/17/2020 1:34:36 PM(UTC)
Lansweeper Performance statistics combined into one report
by  djs1789  
Go to last post Go to first unread
Last post: 2/15/2020 1:50:32 AM(UTC)