ps. - I only have a license for Management Suite and patch manager - not security suite...so can't use a solution that utilises security suite!
I'm not aware of any way to do that currently. A quick hack would be to write a quick script to update the registry in some arbitrary location (e.g. put an admin attribute in the registry), create a scheduled task that runs as the logged in user NOT localsystem, and run the task. Then you could collect that information by specifying the registry information in the ldappl3.template file | saving | make it available to clients. You could then query on the informatoin and if they have the attribute, then they're an admin on their local machine.
1 of 1 people found this helpful
take a look here on this sites:
A quick hack like that is fine for ad hoc reporting, but long-term maintenance of it is not going to be pleasant. It's easier and safer to use ldms_client, as ahe suggests.
Guys, try this. Its a free utility that inserts AD group membership into the database. It doesn't need any clients to be modified as it runs centrally and only takes a few minutes to setup.
We designed it like this so that there were no issues with clients that had not received the new cinfiguration or issues with service packs or patches overwriting your modifications. Try it and see how it works for you, we use it internally and it saves us a lot of time trying to maintain what is essentially a client scanning hack.
Don't worry; it says free trial which it is, but AD group functionality is a free perpetual license, there is a small charge if you want to purchase some of the additional functionality it gives (and I do mean small, $500).
If you have Patch Manager License you can scan fall your machines or Security Thret ST0001 whcih gives you admin group membership.Then just make the query for ST0001 ,
Detected=1 & selet reason in display coloumn.
Does anyone know... If you apply ldms_client that was posted by AHE on Jul 11, 2008 10:09 AM - how do you get this built in natively so all future agent deployments have this modified client?
From the manual: An example ldms_client.bat file is included in the %Program Files%/Monkeynoodle directory for use with LANDesk software distribution, and an example vulnerability file (V_INTL_ldms_client installation.xml) is included in the same directory for use with LANDesk patch management. Both examples default to distributing the registry reader tool as well as the ldscnhlp.ini. The vulnerability needs work to be complete, while the batch is probably good to go.
And why I don't like modifying the agent to include non-official components: http://community.landesk.com/support/blogs/jack/2008/05/02/selfdocumenting-solutions