Help

Reporting on who has admin rights

bbergstein
New Contributor III

Posted on ‎06-24-2011 11:49 AM

Hey all-

We are removing admin rights from most of our users, but I am trying to figure out who still has admin rights. Is there a good way to get a report from the JSS listing what computers have users with admin rights? Ideally I would like to exclude our local admin account and possibly my account.

I thought making a smart group would be the way to go, because then I could scope a policy to remove those admin rights, but there does not seem to be a way to search on the accounts on the machine. Am I missing something?

Thanks for the help,

Benji Bergstein
Client Strategies
Benji.Bergstein at gianteagle.com<mailto:Benji.Bergstein at gianteagle.com>
412.963.6200 x21386

0 Kudos
Reply
2 REPLIES 2

RobertHammen
Valued Contributor II

Posted on ‎06-24-2011 12:12 AM

Can be accomplished through a little scripting/maybe an extension attribute...
On Jun 24, 2011, at 1:49 PM, Bergstein, Benji wrote:

dscl . read /Groups/admin | grep GroupMembership

0 Kudos
Reply

tlarkin
Honored Contributor

Posted on ‎06-26-2011 07:29 PM

check this out

http://www.casperadmins.com/index.php?threads/detect-local-admin-script-extension-attribute.16/

0 Kudos
Reply