Support    >    User Guides & Training Materials    >    Tutorials

Tutorial: Scope Action

Controlling the memberships of the local Administrators group

This tutorial explains how you can use a scope action to control the members of the local Administrators group (or any other group) on your machines.

Solution

 

 

 

Adding Group Members

  1. Create a new scope action, define its name and click on Next.

  2. Under Scope, select the Computers object type and define the list of machines to process (see: Defining the Scope). Click on Next.

  3. Under Actions, double click on Add New to start the Action Module property window.

  4. Under Execute the following Action(s), click on
    Add/Remove > Execute Computer Action > Local Account Database > Add Local Group Member

  5. Under Execute the following Action(s), click on
    Add/Remove > Report Computer Property > Local Account Database > Local Groups > Members > NT Account Name 

    • Specify the group name to manage in the Local Group Name field (i.e.: Administrators)

    • Specify the object account name to add to the configured local group in the Member UNC Name field. The object account name must be in UNC format:  DOMAIN\AccountID for domain objects, or .\AccountID for local accounts.

    • Click on OK.

  6. Click on OK. Click on Next.

  7. Complete your scope action and run.

    8. Goverlan will then visit each computer as defined in the Scope and execute the configured actions.

     

    Removing Group Members

  1. Create a new scope action, define its name and click on Next.

  2. Under Scope, select the Computers object type and define the list of machines to process (see: Defining the Scope). Click on Next.

  3. Under Actions, double click on Add New to start the Action Module property window.

  4. Under Execute the following Action(s), click on
    Add/Remove > Execute Computer Action > Local Account Database > Remove Local Group Member

  5. Under Execute the following Action(s), click on
    Add/Remove > Report Computer Property > Local Account Database > Local Groups > Members > NT Account Name 

    • Specify the group name to manage in the Local Group Name field (i.e.: Administrators)

    • Specify the object account name to remove from the configured local group in the Member UNC Name field.
      Note that this field accepts wild cards which allow the removal of multiple members in one call. Review the field description for more information about the acceptable wild cards.

    • Click on OK.

  6. Click on OK. Click on Next.

  7. Complete your scope action and run.

    8. Advanced Group Member Removal

    The method described above is flexible but may not cover all possibilities. For instance, you cannot ask Goverlan to remove all group members EXCEPT for 'John Doe' and 'Domain Admins'.

    For an advanced method of deleting local group members, please review the following tutorial:
    Example: Controlling the memberships of the local Administrators group

 

How to work with Failed Nodes

One or more targeted machines may have failed to be processed because they were off or some other reason.

To view the list of failed nodes from the previous run, select your scope action and click on the View Last Run's Failed Objects button in the Ribbon Bar.

Scope Action Log

At a later time, you can re-run the Scope Action against these failed nodes. To do so, select your scope action, right-click on it and select Re-Run on Failed Objects. In this mode, only the objects which failed in the previous run are processed, and the new output data is consolidated with the previous data.

You can also schedule your scope action to re-run on failed objects on a periodical basis.