
Stealthbits ProTip: Expanding the Local Administrators Report

The Local Administrators Report is a great report available to users of our Systems Governance Solution set, but focusing solely on Local Admins may not give the complete picture. The Local Administrators job (SG_LocalAdmins) uses our USERSGROUPS Data Collector. While scoped by default to look only for that local group's members, the Data Collector can be set to bring back other local groups as well. This can be done as follows:

Within the Jobs tree, navigate to System Governance > Privileged Accounts > Local Administrators > SG_LocalAdmins, expand the Configure node and select Queries:

Job Query

Double-click the Direct Membership Query, or select it and then click Query Properties. Select Configure in the pop-up window to view the USERSGROUPS GUI. Clicking the ellipsis (…) under “All users in the following groups:” allows you to select the relevant groups you would like to include in the collection, as seen here:

StealthAUDIT - User and Groups Editor

Connecting to a blank host brings back local groups; the connection can also be scoped to hosts known to have the groups you want to include. I personally like to include Backup Operators and Remote Desktop Users to get richer audit results. Save the settings and include the new groups within the Expand Effective Membership analysis, located under Configure > Analysis of the same job. The WHERE statement needs to be changed from ‘=’ to ‘IN’, with parentheses around the desired group names, like I’ve done below:

StealthAUDIT - SQL Script Editor
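The WHERE change described above, as an added example that is not the product's own analysis script: it is written in T-SQL, the table `#LocalGroupMembers` and its columns are hypothetical stand-ins for the collected membership data, and every row is constructed. It shows the default single-group filter, the expanded `IN` filter, and a per-host count to confirm that each added group actually came back from the collection.

```sql
-- Added example. Table and column names are hypothetical, rows are constructed.
CREATE TABLE #LocalGroupMembers (
    HostName   NVARCHAR(64)  NOT NULL,
    GroupName  NVARCHAR(128) NOT NULL,
    MemberName NVARCHAR(128) NOT NULL
);

INSERT INTO #LocalGroupMembers (HostName, GroupName, MemberName) VALUES
    (N'SRV01', N'Administrators',       N'CORP\Domain Admins'),
    (N'SRV01', N'Backup Operators',     N'CORP\svc-backup'),
    (N'SRV01', N'Remote Desktop Users', N'CORP\Helpdesk'),
    (N'SRV02', N'Administrators',       N'SRV02\Administrator'),
    (N'SRV02', N'Remote Desktop Users', N'CORP\jsmith'),
    (N'SRV02', N'Users',                N'CORP\Domain Users');

-- Default scoping: a single group matched with '='.
SELECT HostName, GroupName, MemberName
FROM   #LocalGroupMembers
WHERE  GroupName = N'Administrators';

-- Expanded scoping: '=' becomes IN, with the group names in parentheses.
-- Each name must match the collected group name exactly; a name that is
-- misspelled simply returns no rows rather than raising an error.
SELECT HostName, GroupName, MemberName
FROM   #LocalGroupMembers
WHERE  GroupName IN (N'Administrators',
                     N'Backup Operators',
                     N'Remote Desktop Users')
ORDER BY HostName, GroupName, MemberName;

-- Sanity check: member count per host and group. A host/group pair that is
-- missing here either has no members or was not included in the collection.
SELECT HostName, GroupName, COUNT(*) AS MemberCount
FROM   #LocalGroupMembers
WHERE  GroupName IN (N'Administrators',
                     N'Backup Operators',
                     N'Remote Desktop Users')
GROUP BY HostName, GroupName
ORDER BY HostName, GroupName;

DROP TABLE #LocalGroupMembers;
```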

Save and Close, and finally run as usual. Now our report will contain those new groups and can be filtered/scoped as desired:

StealthAUDIT - Membership Details Report


© 2022 Stealthbits Technologies, Inc.
