Support > User Guides & Training Materials > Tutorials
Tutorial: Scope Action
Controlling the memberships of the local Administrators group
This tutorial explains how you can use a scope action to control the members of the local Administrators group (or any other group) on your machines.
Solution
Adding Group Members
Create a new scope action, define its name and click on Next.
Under Scope, select the Computers object type and define the list of machines to process (see: Defining the Scope). Click on Next.
Under Actions, double click on Add New to start the Action Module property window.
Under Execute the
following Action(s), click on
Add/Remove > Execute Computer Action > Local Account Database
> Add Local Group Member
Under Execute the
following Action(s), click on
Add/Remove > Report Computer Property > Local Account Database
> Local Groups > Members > NT Account Name
Specify the group name to manage in the Local Group Name field (i.e.: Administrators)
Specify the object account name to add to the configured local group in the Member UNC Name field. The object account name must be in UNC format: DOMAIN\AccountID for domain objects, or .\AccountID for local accounts.
Click on OK.
Click on OK. Click on Next.
Complete your scope action and run.
Goverlan will then visit each computer as defined in the Scope and execute the configured actions.
Removing Group Members
Create a new scope action, define its name and click on Next.
Under Scope, select the Computers object type and define the list of machines to process (see: Defining the Scope). Click on Next.
Under Actions, double click on Add New to start the Action Module property window.
Under Execute the
following Action(s), click on
Add/Remove > Execute Computer Action > Local Account Database
> Remove Local Group Member
Under Execute the
following Action(s), click on
Add/Remove > Report Computer Property > Local Account Database
> Local Groups > Members > NT Account Name
Specify the group name to manage in the Local Group Name field (i.e.: Administrators)
Specify the object account name to remove
from the configured local group in the Member UNC Name
field.
Note that this field accepts wild cards which allow the
removal of multiple members in one call. Review the field
description for more information about the acceptable wild
cards.
Click on OK.
Click on OK. Click on Next.
Complete your scope action and run.
Advanced Group Member Removal
The method described above is flexible but may not cover all possibilities. For instance, you cannot ask Goverlan to remove all group members EXCEPT for 'John Doe' and 'Domain Admins'.
For an advanced method of deleting local group
members, please review the following tutorial:
Example: Controlling the memberships of the local Administrators
group
How to work with Failed Nodes
One or more targeted machines may have failed to be processed because they were off or some other reason.
To view the list of failed nodes from the previous run, select your scope action and click on the View Last Run's Failed Objects button in the Ribbon Bar.
At a later time, you can re-run the Scope Action against these failed nodes. To do so, select your scope action, right-click on it and select Re-Run on Failed Objects. In this mode, only the objects which failed in the previous run are processed, and the new output data is consolidated with the previous data.
You can also schedule your scope action to re-run on failed objects on a periodical basis.