Windows Administrator Group Review

kumarkaustubh · May 18, 2018, 12:09pm

Windows Administrator Group Review
Review the Windows Administrator group membership for the following properties:

No local or domain individual user accounts are present except those required for GICOE or Citrix team operations.
No local or domain Raw SID entries are present.
Empower global groups are present.
No Empower local user or local IT groups are present.
Platform support team group(s) are present.
Modify the Administrator group membership as necessary to conform to the bullets above.
Attach before/after screen shots.

NOTE: Any Local accounts that start with “CTX_” are for Citrix team operations. The “LocAdm” account is for GICOE. These accounts MUST NOT be deleted.

Can someone assist me on this please?

sanchez · May 18, 2018, 12:32pm

What code have you started with? Where are you running into issues?

rob-simmers · May 20, 2018, 2:54pm

You could certainly write a script to “audit” Citrix servers with Powershell, but if you know that you only want GroupX, GroupY and GroupZ to be local administrators on your servers, why not create a GPO to force those settings on a OU designated for Citrix servers? This would overwrite anything already in local administrators and ensure compliance as the GPO will be authoratative.

Topic		Replies	Views
Removing non admin accounts from server admin group PowerShell Help	3	188	May 16, 2024
Automation of local server admin group membership PowerShell Help	7	316	May 16, 2024
Only enable user from Administrator Group PowerShell Help	3	421	May 16, 2024
Expanding group members in Administrators Group PowerShell Help	5	293	May 16, 2024
DSC group resource can't remove domain user from local administrators group DSC	11	306	May 16, 2024

Windows Administrator Group Review

Related topics