Hello,
using wapt enterprise 2.5.4.15342
on a Debian server
with a Windows 10 package.
As the title indicates, I deployed the tis-audit-local-admins package.
It works very well, in that it correctly reports information about local administrator users and groups.
This information is displayed in the package's audit status tab. However, the "audit status" section remains in error.
Consequently, if I try to deploy this package to all machines in the network, they will all show an audit error.
Is it possible to fix this problem within the package itself?
Or
is there an SQL query I can add to the reporting tab to retrieve the names of local administrators by PC name?
Thank you in advance.
Best regards,
[RESOLVED] tis-audit-local-admins in audit error
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
-
dcardon
- WAPT Expert
- Messages: 1932
- Registration: June 18, 2014 - 09:58
- Location: Saint Sébastien sur Loire
- Contact :
Hello Benoît,
The package allows you to define a list of authorized local admin users.
If the package finds an authorized local administrator, it won't throw an error. However, for unauthorized local administrators, they need to be removed; that's the purpose of the audit that triggers an error/warning 
Sincerely,
Denis
The package allows you to define a list of authorized local admin users.
Code: Select all
allowed_admins_list = [
rf"{get_computername()}\tisadmin",
rf"{domain_name}\tis-adm",
]
Sincerely,
Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Hello dcardon,
Thank you for your reply. I hadn't seen that list.
It does indeed solve the problem mentioned earlier.
Another question:
I have some local admin accounts that are named. This account list is likely to change.
To avoid rebuilding the package with each change, would it be possible to allow all accounts that begin with "administrator_local_"?
Regards,
Thank you for your reply. I hadn't seen that list.
It does indeed solve the problem mentioned earlier.
Another question:
I have some local admin accounts that are named. This account list is likely to change.
To avoid rebuilding the package with each change, would it be possible to allow all accounts that begin with "administrator_local_"?
Regards,
-
dcardon
- WAPT Expert
- Messages: 1932
- Registration: June 18, 2014 - 09:58
- Location: Saint Sébastien sur Loire
- Contact :
Hello Benoît,
the code needs to be modified at the level of
And then change the package name to prevent the console from prompting you to upgrade to the next version that will be released on the store (which would overwrite your changes)
Sincerely,
Denis
the code needs to be modified at the level of
Code: Select all
for user in admins_users:
if not user.lower() in allow_admin:
listerror.append(user)
Sincerely,
Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Good morning,
Thanks for your response.
I modified the for loop.
However, without understanding why, all admin accounts (authorized or not) were going into the error list.
I reversed the if loop, and now it works.
Thanks for your response.
I modified the for loop.
However, without understanding why, all admin accounts (authorized or not) were going into the error list.
I reversed the if loop, and now it works.
Code: Select all
listerror = []
admins_users = local_group_members(name_group_admin)
for user in admins_users:
if user.lower() in allow_admin or user.startswith(rf'{domain_name}\*********'):
pass
else:
listerror.append(user)
if listerror:
print (f'Les comptes administrateurs suivants ne sont pas autorisés :{listerror}') # Bad users in admin list:
return 'ERROR'
print('%s' % ','.join(admins_users)) # Allowed users in admin list:
return 'OK