🛡️ User Auditing Playbook
Contributed by: 
Windows (Desktop & Server)
Section titled “Windows (Desktop & Server)”- Objective: Ensure only authorized users exist and have the minimum necessary pe rmissions. This includes managing authorized users, groups, and other user-specific settings.
- Tools:
lusrmgr.msc(Local Users and Groups)Computer Management
- Common Actions:
- Review All Users: Open
lusrmgr.mscand check the “Users” folder. Compare this against your list of authorized users. - Remove Unauthorized Users: Right-click and delete any users not on the list (e.g.,
dhardman,cdennis,twolf). - Create Required Users: Right-click in the “Users” folder to add any missing authorized users (e.g.,
edarby). - Review Group Memberships: Double-click the “Groups” folder and check the “Members” of the Administrators and Remote Desktop Users groups.
- Enforce Least Privilege: Remove any users from the Administrators group who are not supposed to have admin rights (e.g.,
jkirkwood,dpaulsen).
- Review All Users: Open
Linux (Mint 21 & Ubuntu 22)
Section titled “Linux (Mint 21 & Ubuntu 22)”- Objective: Ensure only authorized users exist and have the minimum necessary permissions. This includes managing authorized users, groups, and other user-specific settings.
- Tools:
Terminal
- Common Actions:
- Review All Users: View the list of users with
cat /etc/passwd. - Remove Unauthorized Users: Use
sudo userdel -r <username>to remove unauthorized users (e.g.,ttanner,cdennis). - Create Required Users: Use
sudo adduser <username>to add any missing authorized users (e.g.,mross). - Review Group Memberships: Use the
groups <username>command to check a specific user. - Enforce Least Privilege: Check the
sudo(oradmin) group. Usesudo gpasswd -d <username> sudoto remove a user (e.g.,kbennett) from the admin group.
- Review All Users: View the list of users with