Reporting on who has admin rights

New Contributor III

Hey all-

We are removing admin rights from most of our users, but I am trying to figure out who still has admin rights. Is there a good way to get a report from the JSS listing what computers have users with admin rights? Ideally I would like to exclude our local admin account and possibly my account.

I thought making a smart group would be the way to go, because then I could scope a policy to remove those admin rights, but there does not seem to be a way to search on the accounts on the machine. Am I missing something?

Thanks for the help,

Benji Bergstein
Client Strategies
Benji.Bergstein at<mailto:Benji.Bergstein at>
412.963.6200 x21386


Valued Contributor II

Can be accomplished through a little scripting/maybe an extension attribute...
On Jun 24, 2011, at 1:49 PM, Bergstein, Benji wrote:

dscl . read /Groups/admin | grep GroupMembership

Honored Contributor