This repository has been archived by the owner on May 24, 2023. It is now read-only.
My-Random-Thoughts edited this page Oct 28, 2017 · 1 revision

acc-04-local-groups (Enabled)

Check all local groups and ensure no additional groups exist. If there is a specific application requirement for local groups then these need to be documented with a designated team specified as the owner. If you use specific role groups, make sure they are excluded in the settings file.


Input Values

  • IgnoreTheseUsers - "LIST" - Known user or group accounts to ignore

Example

IgnoreTheseUsers = @('Allowed RODC Password Replication Group', 'Cert Publishers', 'ConfigMgr Remote Control Users', 'Denied RODC Password Replication Group', 'DHCP', 'DnsAdmins', 'HelpServicesGroup', 'IIS_WPG', 'Offer Remote Assistance Helpers', 'Pre-Windows 2000 Compatible Access', 'RAS and IAS Servers', 'TelnetClients', 'WinRMRemoteWMIUsers__', 'SQLServer', 'RSABypass')

Input Descriptions

  • None

Result And Messages

  • PASS
    No additional local accounts

  • WARNING

  • FAIL
    One or more local groups exist

  • MANUAL

  • NA
    Server is a domain controller


Applies To

  • All Servers

Required Functions

  • Check-IsDomainController
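
One way to express the check described on this page, as an added example that is not the project's own code. The function name Test-LocalGroups, its parameters, the exact-name match against IgnoreTheseUsers, and the rule that any group outside the BUILTIN SID range (S-1-5-32-*) counts as additional are assumptions; the sample groups are constructed.

```powershell
# Added example, not the project's code. Names and the SID rule are assumptions.
function Test-LocalGroups {
    param(
        # Names to skip, in the same form as the IgnoreTheseUsers setting
        [string[]]$IgnoreTheseUsers = @(),
        # Objects with Name and SID; when omitted, the live machine is queried
        [object[]]$Groups,
        # Win32_ComputerSystem.DomainRole; 4 and 5 mean domain controller
        [int]$DomainRole = -1
    )

    if ($DomainRole -lt 0) {
        $DomainRole = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
    }
    if ($DomainRole -in 4, 5) {
        return [pscustomobject]@{ Result = 'NA'; Message = 'Server is a domain controller'; Groups = @() }
    }

    if (-not $PSBoundParameters.ContainsKey('Groups')) {
        $Groups = Get-LocalGroup   # Microsoft.PowerShell.LocalAccounts, PowerShell 5.1+
    }

    $extra = @($Groups | Where-Object {
        # Assumption: groups that ship with Windows sit under BUILTIN (S-1-5-32-*);
        # anything else must be named exactly in the ignore list to be accepted
        ([string]$_.SID) -notlike 'S-1-5-32-*' -and
        $IgnoreTheseUsers -notcontains $_.Name
    })

    if ($extra.Count -eq 0) {
        [pscustomobject]@{ Result = 'PASS'; Message = 'No additional local accounts'; Groups = @() }
    } else {
        [pscustomobject]@{ Result = 'FAIL'; Message = 'One or more local groups exist'; Groups = $extra.Name }
    }
}

# Constructed sample data (not from a real server): built-in, ignored, unexpected
$sample = @(
    [pscustomobject]@{ Name = 'Administrators';        SID = 'S-1-5-32-544' }
    [pscustomobject]@{ Name = 'WinRMRemoteWMIUsers__'; SID = 'S-1-5-21-1111111111-2222222222-3333333333-1000' }
    [pscustomobject]@{ Name = 'AppX-Operators';        SID = 'S-1-5-21-1111111111-2222222222-3333333333-1001' }
)
# DomainRole 3 = member server, so the NA branch is skipped
Test-LocalGroups -Groups $sample -DomainRole 3 -IgnoreTheseUsers 'WinRMRemoteWMIUsers__', 'SQLServer'
```

With the sample data the result is FAIL and only AppX-Operators is reported; calling the function without -Groups and -DomainRole evaluates the local machine instead.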