Admon Local Admin Group Monitor
Current Version 220.127.116.11
ADMON is a LabTech plugin used to monitor and restore changes made to your local administrators group. Many viral attacks end up trying to add or change the users in the local administrators group of an infected PC. Sometimes these subtle changes go unnoticed and end up causing very expensive repairs and/or loss of data. ADMON will alert you to the changes and create tickets. If set to auto restore, it will also add time to the ticket and restore the admin group before closing the ticket out. If your clients need to audit their privileges across the PCs in the network, you can use the simple export tool provided in the plugin to get a detailed list of computers and the users with admin rights into Excel.
Have a peek at what we are doing!
We provide a master on / off switch for easy control over the plugin and a control to set and manage the scanning interval for greater flexibility.
Each client has an “Admin Group” tab at the Client console level that displays key information on each PC scanned for that client. A master enable switch lets you enable each client you want to provide the service for. Additions and removals can be monitored individually; on its own, this monitoring creates alerts only. If you also select the ticketing box, the plugin will create tickets for you as well.
You can set the system to auto restore any changes as part of the monitoring (2-way monitoring needs to be set). If you opt to auto restore and also select ticketing, the system will open a ticket, add 10 minutes, auto restore the group and close the ticket, completing the required repairs. Select any machine and right-click to reveal a menu to manage alarms and to manage the Administrators group. Use the export to Excel tool to get the data out of LabTech and into 3rd party applications like Excel.
The View Alarms popup reveals who has fired off alarms and what was delivered (alert or ticket). Once a system has alarmed or has been ticketed, no new alarms are sent until it is cleared. To clear an alarm, double-click the selected item.
Selecting a computer from the main screen and right-clicking for the menu to manage the administrators group will lead you here. This tool allows you to add users to or remove users from the administrators group directly from LabTech. See the commands execute in near real time inside the console window provided.