Custom report - local admin and local group membership of servers

Hi guys,

I need to produce a report that used to be present in Quest Reporter (which is now end of life) which checks the local admin and local group membership of servers within our organization.

It would need to exclude system based accounts or the authenticated user accounts so it only captures users and groups that have been added.

 

Is this possible at all within Enterprise Reporter? we are running version 2.5.1 build 200.

 

Many thanks,

 

Mo.

  • Hello Mohammed

    We're reviewing the request and will get back to you soon

    Regards

    Ivan
  • Hello Mohammed

    Do I correctly understand that you need a report based on Computer's Local Groups with Members report to show group membership for the selected computer?
    The Well-Known system accounts like SYSTEM, EVERYONE, LOCAL SERVICE, AUTHENTICATED USERS, etc.should be excluded.
    If it is correct, this report is possible.

    Regards
    Ivan
  • In reply to IvanK:

    Hello Ivan,

    Yes that is correct, we would need to be able to point the report to multiple OU's so it can check against the servers that reside under it and base the report of those systems.

    The requirement is to ensure it captures AD accounts/Security groups that are part of the local admin group so the team reviewing the report can find any non authorised access and remove the said user ad account or security group.

    I hope that makes sense?

    Regards,

    Mo.
  • In reply to mohammed.shah:

    Hello Mo

    Hope the following report suits your needs:
    www.quest.com/.../136

    Should you need some changes please reply here.

    Regards
    Ivan
  • In reply to IvanK:

    Hi Ivan,

    Quick question but when defining which OU to check for servers exactly what format should I use? as an example I want to scan all servers and sub OU's under Development; so would I use the following value?

    /Europe/London/Development/*

    I'm struggling to get a result at the moment, I defined the domain in the first value then used the above value to define the OU location to scan. Not sure if I am using the correct format for the report.

    Thanks,

    Mo.
  • In reply to mohammed.shah:

    Hi Mo

    You can provide canonical name for OU parameter. Something like erd01.local/Computers
    You can also use * and ? wildcards.
    You have to run both Computer and AD discoveries to get the correct results. AD discovery should include computers.

    Regards, Ivan