User Login Management
User issue settings
Nanitor administrators can define in which cases Nanitor will raise an issue of the type "User". Navigate to "Settings" in the "Organization Management" administration section of Nanitor. In the Issue tab you will find a section for User issues.
You can define different scenarios for the areas where Nanitor will raise an issue for. As a best practice you should at least have the "Domain admin has account on a non-domain controller" setting checked. Since since a severe issue you should mark it as such give it a high severity when detected.
User Audit report
Nanitor is collecting information on all users logged onto the assets where and agent is installed. Nanitor differentiates between a regular and an admin users. This user logon details can be viewed from within Nanitor by navigating to "Inventory" and "User Audit report".
This will give you a very good overview on all users across your IT infrastructure. It will identify stale users or users with administration rights on local machines. These are clear indicators for removing potential risk users.
Windows user profiles
Nanitor is flagging user profiles that exist on Windows assets. Removing the user from the asset is not enough since you also need to remove the user profiles on the windows machine. To troubleshoot existing user profiles and where they exist on the Windows asset you can run following commands in the PowerShell of the asset.
$profiles = Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList*' 2$profiles | Select-Object -Property PSChildName, ProfileImagePath
$profs = Get-WmiObject -ClassName Win32_UserProfile 2$profs | Select-Object -Property SID, LocalPath
Troubleshooting
When you need to know what Nanitor is exactly checking on run the following commands on the Windows machine
cd 'C:\Program Files\Nanitor\Nanitor Agent' 2$env:NANITOR_TEST_CLI=1 3.\nanitor-agent-bin.exe test_system_info
which will out the system information along with a section for the detected user profiles