Monitor Administrator Security Group In LabTech with ADMON

Who's in and out of your Security Group?

ADMON is a LabTech plugin that monitors the local Administrators group on each managed PC and can restore it when it changes. Much malware, once it has a foothold, tries to add accounts to the local Administrators group or change which users are in it. These changes are easy to miss, and an unnoticed one can lead to expensive repairs and loss of data. ADMON alerts you to additions and removals, creates tickets and, if set to auto restore, adds time to the ticket, puts the group back the way it was and closes the ticket. If your clients need to audit who has admin rights across the PCs on their network, the plugin's export tool writes a list of computers and the users with local admin rights to Excel.

Have a peek at what we are doing!

We provide a master on/off switch for easy control over the plugin and a control to set and manage the scanning interval. The interval is the trade-off to watch: a change made between two scans is not seen until the next scan runs.

(Screenshot: master on/off switch and scan interval menu)

Each client has an "Admin Group" tab at the Client console level that shows key information on every PC scanned for that client. A per-client enable switch turns the service on for the clients you want to cover. Additions and removals are monitored separately; on their own they only raise alerts, and ticking the ticketing box makes the plugin open tickets as well. Auto restore can be enabled as part of the monitoring, which requires two-way monitoring (both additions and removals) to be set. With auto restore and ticketing both selected, the plugin opens a ticket, adds 10 minutes to it, restores the group and closes the ticket, completing the repair. Right-click any machine to reveal a menu for managing alarms and managing the Administrators group. The Export to Excel tool gets the data out of LabTech and into third-party applications such as Excel.

(Screenshot: per-client "Admin Group" tab)

The View Alarms popup shows which systems have raised alarms and what was delivered (alert or ticket). Once a system has alarmed or been ticketed, no new alarms are sent for it until the alarm is cleared. To clear an alarm, double-click the selected item.

(Screenshot: View Alarms popup)

Selecting a computer on the main screen and right-clicking to open the Administrators group menu leads here. This tool lets you add or remove users in the Administrators group directly from LabTech, and the console window shows the commands executing in near real time.

(Screenshot: add/remove user tool with command console)
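For readers who want to see what the monitoring, auto restore and audit export described above amount to on the endpoint, here is the same baseline / diff / restore loop in PowerShell. This is an added example, not ADMON's own code or the plugin's mechanism; it uses the Microsoft.PowerShell.LocalAccounts cmdlets that ship with Windows PowerShell 5.1 and later and must run in an elevated session. The baseline file location ($BaselinePath) and the function names are assumptions made for the example.

```powershell
# Added example, not ADMON's own code: baseline / diff / restore of the local
# Administrators group with the Microsoft.PowerShell.LocalAccounts cmdlets.
# Run in an elevated session on the PC being monitored.
# Assumption (not from the page): the baseline is kept as JSON at $BaselinePath.

$Group        = 'Administrators'
$BaselinePath = 'C:\ProgramData\AdminGroupBaseline.json'   # hypothetical location

function Get-AdminMembers {
    # Current members as sorted account names (COMPUTER\user, DOMAIN\user or DOMAIN\group).
    Get-LocalGroupMember -Group $Group |
        Select-Object -ExpandProperty Name |
        Sort-Object -Unique
}

function Save-AdminBaseline {
    # Take the baseline from a machine you have verified is clean: a baseline captured
    # after a compromise would make auto restore keep the attacker's account in place.
    ConvertTo-Json -InputObject @(Get-AdminMembers) |
        Set-Content -Path $BaselinePath -Encoding UTF8
}

function Compare-AdminGroup {
    # Two-way check (the plugin's "2 way monitoring"): additions are accounts present
    # now but not in the baseline, removals are the reverse.
    $baseline = @(Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json)
    $current  = @(Get-AdminMembers)
    [PSCustomObject]@{
        Added   = @($current  | Where-Object { $_ -notin $baseline })
        Removed = @($baseline | Where-Object { $_ -notin $current  })
    }
}

function Restore-AdminGroup {
    # Put the group back to the baseline. -WhatIf previews the changes without making them.
    param([switch]$WhatIf)
    $diff = Compare-AdminGroup
    foreach ($m in $diff.Added)   { Remove-LocalGroupMember -Group $Group -Member $m -WhatIf:$WhatIf }
    foreach ($m in $diff.Removed) { Add-LocalGroupMember    -Group $Group -Member $m -WhatIf:$WhatIf }
    $diff
}

function Export-AdminAudit {
    # One row per member, tagged with the computer name, for the per-client audit
    # the page describes (CSV opens directly in Excel).
    param([string]$Path = "$env:COMPUTERNAME-admins.csv")
    Get-LocalGroupMember -Group $Group |
        Select-Object @{ n = 'Computer'; e = { $env:COMPUTERNAME } },
                      Name, ObjectClass, PrincipalSource |
        Export-Csv -Path $Path -NoTypeInformation
}

# Typical use: Save-AdminBaseline once, then run this check on a schedule.
$diff = Compare-AdminGroup
if ($diff.Added.Count -or $diff.Removed.Count) {
    Write-Warning ("Administrators group changed on {0}: added [{1}] removed [{2}]" -f
        $env:COMPUTERNAME, ($diff.Added -join ', '), ($diff.Removed -join ', '))
    # Restore-AdminGroup   # uncomment to auto restore, as the plugin does when configured
}
```

Two caveats a practitioner should keep in mind with any tool of this kind. First, auto restore removes every account that is not in the baseline, including ones a technician added deliberately, so the baseline has to be refreshed (Save-AdminBaseline) as part of any legitimate change. Second, a polling scan only sees the group as it is at scan time; the Security event log records each membership change as it happens (event ID 4732 for a member added to a security-enabled local group, 4733 for a member removed), so forwarding those events gives a near real-time signal that complements the interval scan. On some Windows PowerShell 5.1 builds Get-LocalGroupMember errors out when the group contains an orphaned SID that can no longer be resolved; if you hit that, `net localgroup Administrators` still lists the members.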

Current Version 1.0.0.76

Download the DLL and install it via the LabTech Plugin Manager.
