Skip to content

Eliminate Local Admin Rights

Along with the device discovery, the Securden agent captures the list of local administrator accounts on each computer. This helps you decide which devices require least privilege enforcement. Least privilege enforcement requires the removal of local admin rights of users across servers and endpoints.

Navigate to Admin >> Privilege Elevation and Delegation Management >> Remove Admin Rights

Eliminate Admin Rights

In addition to removing local admin privileges, this GUI allows you to remove users from any group on devices and add them to a different group.

This option is quite flexible and helps you manage the admin rights of any number of users on any number of computers with a single click.

Step 1: Selecting Target Users.

You need to specify the users for whom you want to manage privileges. You have two options going forward.

Option 1: Select All users - and filter between local users, domain users, and domain groups.

Option 2: Individually include/exclude specific users/user groups. This option allows you to add users who haven't been onboarded in Securden.

Step 2: Selecting Target Devices

Specify the computers on which rights are to be managed for the users selected in step 1. You have two options going forward.

Option 1: Select all computers. Note: This only includes the computers that have the Securden agent installed on them.

Option 2: Select specific computers/computer groups.

Step 3: Specify Source Groups

Selected users might be a part of groups with admin privileges in the selected devices. Specify the groups from which the selected users are to be removed. You have three options going forward.

Option 1: Remove from 'Administrators' group - This option allows you to remove the selected users from the local administrators group.

Option 2: Remove from specific group(s) - This option allows you to select a specific privileged group from which the selected users will be removed.

Option 3: None - Select this option if you do not want to remove users from any group

Step 4: Specify Destination Group

Specify the groups to which users removed in Step 3 are to be added into. You have three options going forward.

Option 1: Add to the ‘Users’ group - This option allows you to add the users removed into the default ‘Users’ group, making them standard users with no admin privilege.

Option 2: Add to a specific group - This option allows you to add the users removed into a specific group/groups of your choice. Select the groups where you wish to add the users.

Option 3: None - Select this option if you do not want to add the users removed from group(s) specified in Step 3 to any other group(s).

Once you’ve selected and specified all the required options, click on Proceed.

The selected users will be added/removed for specific/all devices based on your configurations.