With ZENworks Configuration Management scripting actions you can specify a vbs, python, perl or bat script to be dynamically created and run. Using this feature you can leverage scripts from any systems management community and leverage ZENworks Configuration Management as the delivery and enforcement method.
To configure a script bundle (see documentation for more details) Simply configure a directive bundle with a run script action in the Launch section. In order for the script to run a scripting engine needs to be defined, for this bundle I have chosen the windows scripting host wscript.exe, however any scripting engine can be used. In addition scripts can be either defined on the workstation, uploaded from the administration workstation or created from withing the ZENworks Control Center, for this bundle I have chosen to create the script in ZCC (see pic below).
Within the Script Content section enter the following script. After creating the script bundle associate it to launch on refresh, this will consistently enforce that the local administrators only have accounts specified in the Permited Administrators List Array (see below)
'** Define Variables
Dim PermittedAdmins' As Array
'** Define Permited Administrators List
PermittedAdmins = Array("Administrator", "tempadmin", "Domain Admins") '<--- Add to this Array any additional permited admins
'** Get Local Administrator Group
Set AdminGroup = GetObject("WinNT://./Administrators, Group")
'** Search for Invalid Members & Remove Them
For Each GroupMember in AdminGroup.Members
Debug.WriteLine GroupMember.Name, GroupMember.Class, IsPermitedAdmin(GroupMember.Name)
If Not IsPermitedAdmin(GroupMember.Name) Then
'** Functions *****************************************************************
Function IsPermitedAdmin(MemberName)' As Boolean
Dim i' As Long
For i = LBound(PermittedAdmins) To UBound(PermittedAdmins)
If UCase(MemberName) = UCase(PermittedAdmins(i)) Then
IsPermitedAdmin = True
IsPermitedAdmin = False
I have included the bundle in an exported xml format. To import this bundle simply copy the xml file to the server and run the import command (ex. zman bc "Restrict Local Admin" restrictlocaladmin.xml /Buncles/Security)
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.