Windows Administrator Group Review

Welcome Forums General PowerShell Q&A Windows Administrator Group Review

This topic contains 2 replies, has 3 voices, and was last updated by

 
Participant
7 months ago.

  • Author
    Posts
  • #100825

    Participant
    Points: 12
    Rank: Member

    Windows Administrator Group Review
    Review the Windows Administrator group membership for the following properties:
    1. No local or domain individual user accounts are present except those required for GICOE or Citrix team operations.
    2. No local or domain Raw SID entries are present.
    3. Empower global groups are present.
    4. No Empower local user or local IT groups are present.
    5. Platform support team group(s) are present.
    6. Modify the Administrator group membership as necessary to conform to the bullets above.
    7. Attach before/after screen shots.

    NOTE: Any Local accounts that start with "CTX_" are for Citrix team operations. The "LocAdm" account is for GICOE. These accounts MUST NOT be deleted.

    Can someone assist me on this please?

  • #100837
    Jon

    Participant
    Points: 37
    Rank: Member

    What code have you started with? Where are you running into issues?

  • #100911

    Participant
    Points: 342
    Helping Hand
    Rank: Contributor

    You could certainly write a script to "audit" Citrix servers with Powershell, but if you know that you only want GroupX, GroupY and GroupZ to be local administrators on your servers, why not create a GPO to force those settings on a OU designated for Citrix servers? This would overwrite anything already in local administrators and ensure compliance as the GPO will be authoratative.

The topic ‘Windows Administrator Group Review’ is closed to new replies.