jorge.pascua

...when final users have admin privileges...

Blog Post created by jorge.pascua Employee on Jul 3, 2018

Hi community,

 

Some of our partners and customers are suffering the consequences of IT governance policies that allow end users to have administrative privileges.

 

This is a regular practice at consulting companies. For example, consultant roles, especially IT consultants, need extra privileges to install additional applications when they are assigned to a customer case, service or project.

 

OK, we've got two problems here:

  • The first one is that some people from our company have applications from the customer side, and sometimes this means a compliance risk.
  • The other one is directly related to a security risk: users can install applications on demand that are not approved by the IT department, or even uninstall applications.

 

Yes, I know you know that SLM offers different ways to report these risks, like Black Listed Applications or the Compliance summary report.

 

But what happens when a user uninstalls the Snow Agent?

Or what happens when a user deletes some support scripts from the Snow Agent folder?

How can I identify users with admin privileges?

 

For the Snow Agent uninstallation issue, you can use the out-of-the-box (OOTB) reports to list the status of the reported computers.
If a computer that you know is alive is moved to the quarantine pool, you must start to investigate. Some computers might have connectivity issues (ports, firewall blocking, etc.), but this usually affects many of your computers at once (VLANs, sites, etc.).

NOTE: You can take a look at this post, which discusses how to hide the Snow Inventory Agent application from the Control Panel - Add / remove programs section:

Windows agent 5.x.x - hide from add/remove programms

 

To identify whether a user has deleted support files, we've been working with a customer to create a custom report that shows the PS scripts executed during the agent scan. This can be useful to determine whether some of those scripts are failing or are missing from the agent side.
This is the result:

 

In the same way, we've also defined a report and a signed PS script to collect local users and groups info from the computer.
This is the result:
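
As an added illustration of the kind of data such a collection can return (this is example code written for this page, not the signed script or the report described above), the following PowerShell function lists the members of the local Administrators group and flags the ones IT does not expect. The function name `Get-LocalAdminReport` and the `ExpectedRids` allow-list are assumptions made for the example.

```powershell
# Added example, not the signed Snow script from this post.
# Assumes Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module).
function Get-LocalAdminReport {
    [CmdletBinding()]
    param(
        # Assumption: RIDs that IT expects to hold local admin rights.
        # 500 = built-in Administrator, 512 = Domain Admins.
        [long[]]$ExpectedRids = @(500, 512)
    )

    # Well-known SID of BUILTIN\Administrators. The group name is localized
    # (e.g. "Administradores"), the SID is not.
    $adminGroupSid = 'S-1-5-32-544'

    try {
        $members = Get-LocalGroupMember -SID $adminGroupSid -ErrorAction Stop
    }
    catch {
        # Report the failure explicitly: an empty result would look like a
        # clean machine in the inventory.
        return [pscustomobject]@{
            Computer = $env:COMPUTERNAME; Member = $null; ObjectClass = $null
            Source   = $null; Sid = $null; Expected = $false
            Error    = $_.Exception.Message
        }
    }

    foreach ($m in $members) {
        # The RID is the last sub-authority of the member's SID.
        $rid = [long](($m.SID.Value -split '-')[-1])
        [pscustomobject]@{
            Computer    = $env:COMPUTERNAME
            Member      = $m.Name
            ObjectClass = $m.ObjectClass       # User or Group
            Source      = $m.PrincipalSource   # Local, ActiveDirectory, ...
            Sid         = $m.SID.Value
            Expected    = $ExpectedRids -contains $rid
            Error       = $null
        }
    }
}

# Unexpected administrators sort first ($false before $true).
Get-LocalAdminReport | Sort-Object Expected | Format-Table -AutoSize
```

Rows with `Expected` set to `False` are the accounts to review; matching on the RID alone is a simplification, and a production allow-list would compare full SIDs.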

 

So, if you find yourself suffering from these issues, don't hesitate to contact your local Snow representative to support you with this.

 

BR,
Jorge
