Windows Administrator Group Review

This topic contains 2 replies, has 3 voices, and was last updated by  Rob Simmers 1 month ago.

  • Author
  • #100825

    Kaustubh Kumar

    Windows Administrator Group Review
    Review the Windows Administrator group membership for the following properties:
    1. No local or domain individual user accounts are present except those required for GICOE or Citrix team operations.
    2. No local or domain Raw SID entries are present.
    3. Empower global groups are present.
    4. No Empower local user or local IT groups are present.
    5. Platform support team group(s) are present.
    6. Modify the Administrator group membership as necessary to conform to the bullets above.
    7. Attach before/after screen shots.

    NOTE: Any Local accounts that start with "CTX_" are for Citrix team operations. The "LocAdm" account is for GICOE. These accounts MUST NOT be deleted.

    Can someone assist me on this please?

  • #100837


    What code have you started with? Where are you running into issues?

  • #100911

    Rob Simmers

    You could certainly write a script to "audit" Citrix servers with Powershell, but if you know that you only want GroupX, GroupY and GroupZ to be local administrators on your servers, why not create a GPO to force those settings on a OU designated for Citrix servers? This would overwrite anything already in local administrators and ensure compliance as the GPO will be authoratative.

You must be logged in to reply to this topic.