Summary
Dive into the world of endpoint security with our comprehensive guide on using Level to detect and manage unauthorized administrator accounts.
In this video, we cover:
Setting the List of Authorized Admins: Learn how to define and store your authorized administrators in Level as a custom field for easy reference and management.
Detecting Local Admins: We show you how to get a list of all local administrators on a device, save this list to a variable (detectedAdmins), and prepare it for comparison.
Identifying Unauthorized Admins: Compare the list of detected admins against your authorized admins to identify any discrepancies, highlighting who the unauthorized admins are.
Approval Process for Admin Actions: Understand how to implement a waiting period for approval before taking action against unauthorized admins, ensuring you maintain control over changes.
Disabling Unauthorized Admins: Walk through the process of disabling those unauthorized admin accounts to secure your endpoints.
Validation: After taking action, we demonstrate how to check again to ensure no unauthorized admins remain, thereby verifying the effectiveness of our automation.
Reporting on Automation History: Discover how Level helps in tracking and reporting on devices that have had issues in the past, providing valuable insights for your InfoSec team.
Real-time Monitoring: Learn how to set up Level for automatic triggering of this admin management process through real-time monitoring, keeping your endpoints secure without constant manual intervention.
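The detect, compare, approve, disable and validate steps above, sketched in PowerShell as an added example; it is not Level's script or code from the video. The `$authorizedAdmins` values are constructed samples standing in for the Level custom field, `$approved` is a hypothetical stand-in for the approval step, and the helper function names are made up for this sketch.

```powershell
# Added example, not Level's own script. Run elevated in Windows PowerShell 5.1 or later.
# Assumption: in Level the authorized list comes from a custom field; here it is a
# constructed sample array of local account names or DOMAIN\name entries.
$authorizedAdmins = @('Administrator', 'CORP\Domain Admins', 'it-support')
$approved = $false   # hypothetical approval flag; set to $true only after sign-off

function Get-DetectedAdmins {
    # S-1-5-32-544 is the built-in Administrators group, whatever its localized name.
    Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop
}

function Get-UnauthorizedAdmins($detected, [string[]]$authorized) {
    # Expand bare names to COMPUTER\name so a local account cannot pass by
    # sharing a short name with an authorized domain account.
    $allowed = $authorized | ForEach-Object {
        if ($_ -like '*\*') { $_ } else { "$env:COMPUTERNAME\$_" }
    }
    $detected | Where-Object { $allowed -notcontains $_.Name }   # case-insensitive match
}

$detectedAdmins = Get-DetectedAdmins
$unauthorized = @(Get-UnauthorizedAdmins $detectedAdmins $authorizedAdmins)
$unauthorized | Select-Object Name, ObjectClass, PrincipalSource | Format-Table

if ($approved) {
    foreach ($m in $unauthorized) {
        if ($m.ObjectClass -eq 'User' -and $m.PrincipalSource -eq 'Local') {
            Disable-LocalUser -SID $m.SID
        } else {
            # Domain or Azure AD principals and groups cannot be disabled locally.
            Write-Warning "Manual review needed: $($m.Name) ($($m.PrincipalSource) $($m.ObjectClass))"
        }
    }
    # Validation: detect again, ignoring local accounts that are now disabled.
    $remaining = @(Get-UnauthorizedAdmins (Get-DetectedAdmins) $authorizedAdmins | Where-Object {
        -not ($_.PrincipalSource -eq 'Local' -and $_.ObjectClass -eq 'User' -and
              -not (Get-LocalUser -SID $_.SID).Enabled)
    })
    if ($remaining.Count -eq 0) { 'No unauthorized admins remain.' } else { exit 1 }
}
```

With `$approved` left at `$false` the script only reports, which matches the waiting-for-approval stage; a non-zero exit after validation gives a monitoring tool a failure signal to alert on.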
Whether you're an IT administrator looking to tighten security or a security professional interested in automation tools, this video will equip you with the knowledge to use Level for efficient endpoint security management.
Video Tutorial
Script References