Getting Data In

Splunk 6.1 how to find a listing of local admins on all workstations and servers

tbalouch
Path Finder

Hey guys,

I was wondering if there is a search that would list all local admin accounts on a workstation or server in my windows domain?

Tags (3)
0 Karma
1 Solution

tbalouch
Path Finder

Thanks that looks like it works. But how would I output this to a file? Can i create a new file in the Splunk forwarder directory on the remote server?

0 Karma

lukejadamec
Super Champion

You would need to monitor an output that contains the list of local admins, and that does not happen automatically on Windows systems.

You could create a script to run on a schedule that generates a list of local admins, and read that data into Splunk. The command to run in the script would be this I think:
net localgroup administrators

Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...