[RESOLVED] tis-audit-local-admins in audit error

Published: April 23, 2024 - 11:45 AM
by Benoit
Hello,

Using WAPT Enterprise 2.5.4.15342
on a Debian server
with a Windows 10 package.

As the title indicates, I deployed the tis-audit-local-admins package.
It works very well, in that it correctly reports information about local administrator users and groups.
This information is displayed in the package's audit status tab. However, the "audit status" section remains in error.
Consequently, if I try to deploy this package to all machines in the network, they will all show an audit error.

Is it possible to fix this problem within the package itself?
Or
is there an SQL query I can add to the reporting tab to retrieve the names of local administrators by PC name?

Thank you in advance.

Best regards,

Re: tis-audit-local-admins in audit error

Published: April 24, 2024 - 11:38 AM
by dcardon
Hello Benoît,

The package allows you to define a list of authorized local admin users.

allowed_admins_list = [
    rf"{get_computername()}\tisadmin",
    rf"{domain_name}\tis-adm",
]

If the package finds an authorized local administrator, it won't throw an error. However, for unauthorized local administrators, they need to be removed; that's the purpose of the audit that triggers an error/warning :-)

Sincerely,

Denis

Re: tis-audit-local-admins in audit error

Published: April 24, 2024 - 3:29 PM
by Benoit
Hello dcardon,

Thank you for your reply. I hadn't seen that list.
It does indeed solve the problem mentioned earlier.

Another question:
I have some local admin accounts that are named. This account list is likely to change.
To avoid rebuilding the package with each change, would it be possible to allow all accounts that begin with "administrator_local_"?

Regards,

Re: tis-audit-local-admins in audit error

Published: April 24, 2024 - 4:22 PM
by dcardon
Hello Benoît,

The code needs to be modified at the level of

    for user in admins_users:
        if not user.lower() in allow_admin:
            listerror.append(user)

And then change the package name to prevent the console from prompting you to upgrade to the next version that will be released on the store :-) (which would overwrite your changes)

Sincerely,

Denis

Re: tis-audit-local-admins in audit error

Published: April 26, 2024 - 11:51 AM
by Benoit
Good morning,

Thanks for your response.

I modified the for loop.
However, without understanding why, all admin accounts (authorized or not) were going into the error list.
I reversed the if loop, and now it works.

    listerror = []
    admins_users = local_group_members(name_group_admin)
    for user in admins_users:
        if user.lower() in allow_admin or user.startswith(rf'{domain_name}\*********'):
            pass
        else:
            listerror.append(user)
    if listerror:
        print(f'Les comptes administrateurs suivants ne sont pas autorisés :{listerror}')  # Bad users in admin list:
        return 'ERROR'
    print('%s' % ','.join(admins_users))  # Allowed users in admin list:
    return 'OK'
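
An added example, not part of any post in this thread and not the tis-audit-local-admins package's own code: one way to combine the exact allowlist with a prefix rule, comparing case-insensitively and tying the prefix to a single authority so that a local account carrying the same prefix is still reported. The function names, the computer name PC-042 and the domain CORP are assumptions made for the example.

```python
# Added example: not the tis-audit-local-admins source. All names are hypothetical.

def normalize(account):
    """Lower-case an account string; Windows account names are case-insensitive."""
    return account.strip().lower()


def unauthorized_admins(members, allowed_exact, allowed_prefixes):
    """Return members matching neither the exact allowlist nor an allowed prefix.

    allowed_prefixes holds full 'AUTHORITY\\prefix' strings, so a prefix is only
    honoured for the authority (domain or computer) it was declared for.
    """
    exact = {normalize(a) for a in allowed_exact}
    prefixes = tuple(normalize(p) for p in allowed_prefixes)
    bad = []
    for member in members:
        name = normalize(member)
        if name in exact:
            continue
        # A bare prefix with nothing after it is not a named account.
        if prefixes and name.startswith(prefixes) and name not in prefixes:
            continue
        bad.append(member)
    return bad


def audit_result(members, allowed_exact, allowed_prefixes):
    """Mirror the thread's audit outcome: 'ERROR' if any member is unauthorized."""
    bad = unauthorized_admins(members, allowed_exact, allowed_prefixes)
    return ("ERROR", bad) if bad else ("OK", [])


# Constructed sample data (hypothetical computer and domain names).
COMPUTER, DOMAIN = "PC-042", "CORP"
ALLOWED_EXACT = [rf"{COMPUTER}\tisadmin", rf"{DOMAIN}\tis-adm"]
ALLOWED_PREFIXES = [rf"{DOMAIN}\administrator_local_"]
SAMPLE_MEMBERS = [
    r"PC-042\TisAdmin",                    # exact match, different case
    r"CORP\Administrator_Local_jdupont",   # prefix match, different case
    r"PC-042\administrator_local_rogue",   # right prefix, wrong authority
    r"CORP\helpdesk",                      # not listed at all
]

if __name__ == "__main__":
    print(audit_result(SAMPLE_MEMBERS, ALLOWED_EXACT, ALLOWED_PREFIXES))
```

A prefix rule authorizes every present and future account with that name pattern, so it is only as strong as the control over who can create accounts under that authority.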