Collection filter results are incorrect
Hey all,
I'm having an issue with PDQ Inventory 17 Enterprise.
I'm using a basic filter to find any systems that have a certain domain user account in the local administrators group. Seems simple enough.
I have (edited to remove specific details): All - Local group - name - equals - Administrators Local group member - domain - equals - [domain] Local Group member - name - equals - [username]
However while I am getting filtered results, I'm getting results for systems that do not have the user listed in the Administrators group. I've rescanned to ensure it's up to date, I've edited the filter to have one condition at a time and also completely removed it and re-added it as a clean one but I can't understand why some systems are showing up with results for systems that shouldn't be there. Strangely I've got the same filter set up for another username and that shows results correctly. With these systems the username used to be listed but I removed the listing in the Administrators group but something in the Inventory still says it exists although looking at the workstation inventory details, there is no existence of it. I've also done a database optimise to see if that helps but nada.
Am I just using an incorrect query or has anyone else come across this issue?
Comments
I do something similar although more basic than what you're trying to do. We are only monitoring one domain so I do not include anything regarding the domain name. In my example we have a user named 'OSADlocal'. I have collections to show any computers that have the user and another to show any computers that do not. Below is a screenshot of the collection that reports any computers that do have the local user.
Hope this helps.
Thanks for replying GWhite however it doesn't help my issue. In your case, the user is local to the machine. In my case, the user is a domain user that is a member of the local group. It would be a lot simpler if it was just a local user but out of luck on this one.
John,
Sorry for the delay in responding. I was able to accomplish in two ways. Hopefully one of them will help you. We have a domain user that we add to the local admin group on specific workstations that are attached to scanners.
In my example:
I started by opening one of the computers, which I knew contained that user in the local admin group, in PDQ Inventory and reviewing the Local Groups item and confirming that my user and domain name were listed.
Then, I created these two collections. The first collection only looks for the name of the user as a member of the local admin group.
In order to do as you indicated in your original post, I created a different collection that was checking group, user name and user domain name.
Hopefully this gets you where you need to go.
Hey GWhite,
No issues with the delay. That's how I've got my collection set up but it still shows the workstation in the collection even though the user is not listed in the computer properties. I'm now thinking that WMI may be an issue. I recall with another inventory program I used in the past listed machines with an old AV installed but when checked locally, it did not. It turns out that the entry for the program was listed in WMI hence it is still got reported.
I may try a WMI cleanup but that is a hit and miss job and may not be the issue.
I'm sure you're probably doing it correctly, but sometimes it turns out to be the smallest detail with this type of collection. If you'd like to post a pic of your collection definition I'll be happy to look at it and test it on my side.