Check domain users that have Local Admin rights on their PC.
Posted on 2009-05-20
I am trying to find a program or another easy way to display domain users with local admin rights on their machines. We recently migrated to Active directory and had lots of consultants helping. Some of them gave the local user admin rights to their PC. Our policy is that no one can have local admin rights. I know about using group policy to change local administrator account name. The only way that I can check this right now is to use MMC and check the Administrators group for domain credentials on every PC.
I currently use LANDESK for inventory but it only displays local admin accounts, not domain users added to the Administrators group. For example, I check the Administrators group under Local User and Groups and find DOMAIN\CURRENT.USER
I don't need to automatically remove these accounts. Just need to figure out who has these rights.
Server 2008 Active Directory
All Client PCs have XP Pro Sp3