10-03-2023 03:32 AM
Hi Team,
Can we check user details on the XDR console - Local user with admin privileges?
Any way to identify such users?
Regards,
Shahwaz
10-03-2023 04:37 AM - edited 10-03-2023 04:39 AM
Yes, you can easily check user privileges in the Cortex XDR console by following these steps:
Log in to the Cortex XDR management console.
Select Settings → Configurations → Access Management → Users.
On the Users page, you will find a variety of options to assist you in managing users.
10-03-2023 08:37 AM
Yes, correct. Any way to identify that through XDR?
10-03-2023 10:39 PM
Hi @Shahwaz_Md
Thank you for writing to LIVEcommunity! Yes, you can identify Windows user accounts with admin rights; however, it would require a Host Insights license. If you have an HI license, you may use "Users to Groups" under Host Inventory, located at Incident Response → Investigation → Host Inventory. Users to Groups shows a list mapping all the users, local and in your domain, to the existing user groups on an endpoint. You may filter group names by "Administrator" to look for users with admin rights.
For details you may check under here
Hope this helps!
Please mark the response as "Accept as Solution" if it answers your query.