You can revoke local administrator rights from accounts. This provides you with an extra layer of control of user accounts. For example, you can revoke local administrator rights after a one-time assignment is complete.
When this task is run, the specified local account is checked to see whether it belongs to local administrator groups.These groups are defined in the Network Agent policy settings. You may customize the list of local administrator groups in the Network Agent policy settings. You can also check the list of privileged user accounts using the Report on privileged device users (Linux only).
This task may be performed only on Linux devices.
To revoke local administrator rights on specific devices:
In the main menu, go to Assets (Devices) → Tasks.
Click Add.
The New task wizard starts.
In the Task type field, select Revoke local administrator rights (Linux only).
The task is assigned to devices included in an administration group. You can specify one of the existing groups or create a new one.
For example, you may want to use this option to run a task of sending a message to users if the message is specific for devices included in a specific administration group.
If a task is assigned to an administration group, the Security tab is not displayed in the task properties window because group tasks are subject to the security settings of the groups to which they apply.
You can specify DNS names, IP addresses, and IP subnets of devices to which you want to assign the task.
You may want to use this option to execute a task for a specific subnet. For example, you may want to install a certain application on devices of accountants or to scan devices in a subnet that is probably infected.
The task is assigned to devices included in a device selection. You can specify one of the existing selections.
For example, you may want to use this option to run a task on devices with a specific operating system version.
The Revoke local administrator rights(Linux only) task is created for the specified devices. If you selected the Assign task to an administration group option, the task is a group one.
At the Task scope step, specify an administration group, devices with specific addresses, or a device selection.
The available settings depend on the option selected at the previous step.
At this step of the wizard, specify the following settings:
In the Operating mode settings group, select the operating mode:
If this option is selected, local administrator rights will be revoked from all local accounts, except the specified ones.
By default, this option is not selected.
Specify the local accounts:
Click Add.
In the window that opens, do the following:
In the Account name field, specify the name of the local account.
In the Account action settings group (available only if the Revoke local administrator rights from listed accounts option is selected), select the action.
If this option is selected, the local account will be deleted regardless of whether it has local administrator rights.
By default, this option is not selected.
At the Finish task creation step, click the Finish button to create the task and close the wizard.
If you enabled the Open task details when creation is complete option, the task settings window opens. In this window, you can check the task parameters, modify them, or configure a task start schedule, if necessary.
In the task list, select the task you created, and then click Start.
Alternatively, wait for the task to launch according to the schedule that you specified in the task settings.
When the revoke local administrator rights task is completed, the local administrator rights are revoked from the specified local accounts on the specified devices.