Skip to main content

Recommended Configurations for the Privileged Accounts Job Group

Dependencies

  • SG_AccountPrivileges – To populate the Local Administrator column, which is hidden by default, the SG_LocalAdmins job must be run prior to running this job
  • The Logon Rights > Collection job group must be run prior to running the SG_LocalPolicies job

Targeted Hosts

All Windows Servers (No DCs) for:

  • Local Administrator job group
  • Logon Rights job group

All Window Hosts for:

  • Service Accounts job group

Schedule Frequency

This job group can be scheduled to run as desired.

Workflow

Step 1 – Ensure that the configured Connection Profile has local administrator privileges and Domain Admin privileges if targeting domain controllers.

  • Assign the appropriate target host list under Hosts List Assignment for each job group

Step 2 – Prerequisite: Ensure that the .Active Directory Inventory job group has successfully run prior to running this job group.

Step 3 – Schedule the Privileged Accounts job group or the individual job groups within the Privleged Accounts job group to run as desired.

Step 4 – Review the reports generated by the jobs.

The Local Administrators job group identifies the effective membership for all local administrator groups to gain an understanding of what accounts within the environment are privileged and should be monitored closely.