Collect Windows Administrators (Local Admins and Groups)

BMC Asset Core already has an Operational Rule to collect Local Users (Security Inventory), but it is not the most efficient and may not return any results when trying to collect Domain Accounts. If your environment has either Domain Users or Authenticated Users set as groups in the Users Groups, Asset Core will attempt to enumerate all the domain accounts for that group. This rule also does not target specific groups. The tutorial below shows how to create your own set of steps to collect both the users and the groups assigned to the Administrators group.

  1. Create a New Rule and call it “Get All Local Admins (Windows)”
  2. Add the following steps:

1)      Check Operating System

i.     This verifies that you are running on Windows OS

2)      Create Directory

i.     Make sure the directory exists by creating it

3)      Delete Files

i.     Since this rule can be run multiple times, delete the file if it exists

ii.     Admins.txt is the file we create

4)      Execute Program (Software Deploy Module Required)

i.     cmd /c for /F "tokens=*" %A in ('net localgroup administrators') do (if not "%A" EQU "The command completed successfully." (echo %A >> c:\temp\admins.txt))

ii.     This could also be run as a bat file, but running it directly saves a step and does not require building a software package.

iii.     Select “Run in Background” and “Run in Context”

5)      Wait

i.     To ensure that the file has time to be created, use the “wait” step

ii.     Set for 10 seconds

6)      Delete Line

i.     The output of “net localgroup administrators” includes extra rows that we do not need or want, so we remove them using this step.

7)      Delete Line

8)      Delete Line

9)      Delete Line

10)   File Analysis via Regular Expression

i.     This step collects each row in the file and puts it into custom inventory

ii.     Use (\w.*) as the REGEX

1. \w matches the first word character on the row, and .* collects the rest of the line

11)   Update Custom Inventory

i.     Because File Analysis via Regular Expression is under Custom Inventory, this step must be run in order to immediately update and upload the results so that they are visible in the console.
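The file handling in steps 4 through 10, as an added Python example that is not part of the original tutorial or of Asset Core. The sample command output, the CONTOSO domain and the account names are constructed, and the function names are hypothetical. It shows why four Delete Line steps are needed and what the (\w.*) pattern captures from each remaining row.

```python
import re

# Constructed sample of `net localgroup administrators` output (English locale);
# CONTOSO and the account names are made up for this example.
SAMPLE_OUTPUT = """\
Alias name     administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
CONTOSO\\Domain Admins
CONTOSO\\jsmith
The command completed successfully.

"""

SUCCESS_LINE = "The command completed successfully."
HEADER_ROWS = 4                    # Alias name, Comment, Members, dashed rule
ROW_REGEX = re.compile(r"(\w.*)")  # same pattern as step 10


def emulate_step4(raw):
    """Mimic the for /F loop: skip blank lines, drop the success line,
    and keep the trailing space that `echo %A >> file` writes."""
    rows = []
    for line in raw.splitlines():
        line = line.lstrip(" \t")  # tokens=* strips leading delimiters
        if line and line != SUCCESS_LINE:
            rows.append(line + " ")
    return rows


def collect_admins(raw):
    """Steps 6-10: delete the header rows, then capture each remaining row."""
    members = []
    for row in emulate_step4(raw)[HEADER_ROWS:]:
        match = ROW_REGEX.search(row)
        if match:
            members.append(match.group(1).rstrip())  # trim the echo padding
    return members


def split_by_scope(members):
    """Separate local accounts from DOMAIN\\name entries for review."""
    local = [m for m in members if "\\" not in m]
    domain = [m for m in members if "\\" in m]
    return local, domain
```

The success-line filter in step 4 matches English text only, so on a localized Windows build that row would stay in admins.txt and be collected as if it were a member.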

 

This is what the steps will look like when complete:

[Screenshots: Steps, Check OS, Execute Program, Delete Line, Regular Expression]

Once you have tested this against a few Windows clients, it can be run against all devices with an agent. The inventory object is located under Inventory > Custom > Administrators.

This tutorial demonstrates the flexibility that Asset Core provides to accomplish almost any task!
Steven R. Gibbs
Sr. Systems Consultant

March 11th, 2014 | FPAC