-
Notifications
You must be signed in to change notification settings - Fork 11
acc04
Check all local groups and ensure no additional groups exist. If there is a specific application requirement for local groups then these need to be documented with a designated team specified as the owner. If you use specific role groups, make sure they are excluded in the settings file.
- IgnoreTheseUsers - "LIST" - Known user or group accounts to ignore
IgnoreTheseUsers = @('Allowed RODC Password Replication Group', 'Cert Publishers', 'ConfigMgr Remote Control Users', 'Denied RODC Password Replication Group', 'DHCP', 'DnsAdmins', 'HelpServicesGroup', 'IIS_WPG', 'Offer Remote Assistance Helpers', 'Pre-Windows 2000 Compatible Access', 'RAS and IAS Servers', 'TelnetClients', 'WinRMRemoteWMIUsers__', 'SQLServer', 'RSABypass')
- None
-
PASS
No additional local accounts -
WARNING
-
FAIL
One or more local groups exist -
MANUAL
-
NA
Server is a domain controller
- All Servers
- Check-IsDomainController