Microsoft AD - Fetch Local Users from Devices
Microsoft AD - Fetch Local Users from Devices fetches local user data from devices as Managed Identities for:
- Assets returned by the selected query or assets selected on the relevant asset page.
 
Note
This action was previously called Active Directory - Enrich Devices with Local Users.
See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.
Note:
- Not all asset types are supported for all Enforcement Actions.
- See Actions supported for Activity Logs, Adapters Fetch History, and Asset Investigation modules.
- See Actions supported for Vulnerabilities.
- See Actions supported for Software.
 
Required Fields
These fields must be configured to run the Enforcement Set.
- Action name - The name of this Enforcement Action. The system sets a default name. You can change the name.
- Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.

- Hostname - A hostname that has the WinRM service enabled.
- User Name and Password - The credentials for a user account that has the Required Permissions to perform this Enforcement Action.
- Compute Node - The Axonius node to use when connecting to the specified host. For more details, see Working with Axonius Compute Nodes.
 
Additional Fields
These fields are optional.
- Fetch builtin administrators (disabled by default) - Enable this to fetch the Builtin\Administrator from each workstation.
- Gateway Name - Select the Gateway through which to connect to perform the action.
 
APIs
Axonius uses the Microsoft PowerShell Management API.
Required Ports
Axonius must be able to communicate via the following ports:
- Port 5986 (requires the WinRM service to be enabled on the host specified in Hostname)
 
Required Permissions
The stored credentials, or those provided in Connection and Credentials, must have the following permission(s) to perform this Enforcement Action:
- Permission to run the Get-WmiObject PowerShell command.
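
The following pre-flight check is an added example, not Axonius code: it verifies the Required Ports and Required Permissions listed above for one host before the Enforcement Action is configured. The function name, its parameters, the Win32_UserAccount query and the placeholder hostname are assumptions; the page does not say which WMI class is queried, and the check assumes that port 5986 is the host's WinRM HTTPS listener (the WinRM default).

```powershell
# Added example: pre-flight check for the prerequisites listed on this page.
# Assumptions: function and parameter names are hypothetical; Win32_UserAccount
# is an illustrative class, since the page does not name the class queried.
function Test-LocalUserFetchPrereqs {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Hostname,
        [Parameter(Mandatory)] [pscredential] $Credential
    )

    $result = [ordered]@{
        Hostname       = $Hostname
        Port5986Open   = $false
        WinRMOverHttps = $false
        GetWmiObjectOk = $false
        LocalUserCount = $null
        Error          = $null
    }

    try {
        # 1. Required port: TCP 5986 must be reachable from the connecting node.
        $tcp = Test-NetConnection -ComputerName $Hostname -Port 5986 -WarningAction SilentlyContinue
        $result.Port5986Open = [bool]$tcp.TcpTestSucceeded
        if (-not $result.Port5986Open) { throw "TCP 5986 is not reachable on $Hostname" }

        # 2. WinRM service: the listener must answer a WS-Man identify request over TLS.
        Test-WSMan -ComputerName $Hostname -Port 5986 -UseSSL -ErrorAction Stop | Out-Null
        $result.WinRMOverHttps = $true

        # 3. Required permission: the account must be able to run Get-WmiObject remotely.
        #    The script block executes on the remote Windows PowerShell endpoint.
        $users = Invoke-Command -ComputerName $Hostname -Port 5986 -UseSSL `
            -Credential $Credential -ErrorAction Stop -ScriptBlock {
                Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True" |
                    Select-Object Name, SID, Disabled
            }
        $result.GetWmiObjectOk = $true
        $result.LocalUserCount = @($users).Count
    }
    catch {
        # Record the first failing step so the operator knows which prerequisite to fix.
        $result.Error = $_.Exception.Message
    }
    [pscustomobject]$result
}

# Usage (hostname is a placeholder):
# Test-LocalUserFetchPrereqs -Hostname 'ws01.example.internal' -Credential (Get-Credential)
```

The three boolean fields show which prerequisite failed first: network reachability, the WinRM listener, or the account's right to run Get-WmiObject.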
For more details about other Enforcement Actions available, see Action Library.
