asked on

Detection Tool for Privileged Accounts

due of history,in our enterprise we have all kinds of accounts mixed up.

Domain Admin must be removed from Local Admin
and Domain Admin groups must be removed from workstation and server local administrator group

etc.

is there a tool that detects all those accounts "hidden" in an environment?

further: i need to reset the PW on all those accounts once found,that tool should be able to do that

SOLUTION

kevinhsieh

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

SOLUTION

Rich Rumble

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

DukewillNukem

ASKER

"Microsoft does not support using Restricted Groups in this scenario. Restricted Groups is a client configuration means and cannot be used with Domain Groups. Restricted Groups is designed specifically to work with Local Groups. Domain objects have to be managed within traditional AD tools. Therefore, we do not plan currently to add or support using Restricted Groups as a way to manage Domain Groups."

Rich Rumble

You would use Restricted groups to remove any other user/group who isn't User-x or in Group-X... You will be resetting the local administrator group to what you want it to be. If you want Domain Admins to be the only ones in the local administrators, then you can do that, if you want JSmith to be the only local admin, you can do that...
-rich

DukewillNukem

ASKER

whats the easiest way to accomplish that?

ASKER CERTIFIED SOLUTION

Rich Rumble

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial