Sys Admin Guidance

[mattsmacblog]

Great product, I wondered if you could perhaps add a column to the Registry Settings documentation (that seems to double as the how to use this software from the sys admin perspective) along the lines of "Usage Examples" to help understand how people are using each setting / how the settings came about? i.e. I have gleaned some more info from other people's Issues / Feature Requests about AzureAD Groups vs AD and the like...

Even if it was just how you use it at Sinclair Community College as an example:

https://github.com/pseymour/MakeMeAdmin/wiki/Registry-Settings

Setting Name | Default Value | Format | Explanation | Example -- | -- | -- | -- Allowed Entities | empty | REG_MULTI_SZ | List of SIDs or names2 for users or groups that are allowed to obtain administrator rights on the local machine. | i.e. an AD Group called grp_AllowedITAdmin_Staff or the SID 0000-000-0000023232 etc... You can combine this with OU's, sub OU's and item level targeting / security filtering on multiple GPO's to get more granular control...

Denied Entities | empty | REG_MULTI_SZ | List of SIDs or names2 for users or groups that are not allowed to obtain administrator rights on the local machine. Denials take precedence over allowed entities. |

Automatic Add Allowed | empty | REG_MULTI_SZ | List of SIDs or names2 for users or groups that are automatically added to the Administrators group upon logon. Automatically added users are not subject to a timeout. | This might be a good place to have your Exception group of staff that have been given permission to be permanent Admins for an approved reason...

Automatic Add Denied | empty | REG_MULTI_SZ | List of SIDs or names2 for users or groups that are never allowed to be added automatically to the Administrators group upon logon. Denials take precedence over allowed entities. | This might be a good place to have your Exception group of staff that have been given revoked permission to be permanent Admins due to misuse...

How does the "Remote" part work / how do you use it to gain admin rights on a remote computer?

Remote Allowed Entities | empty | REG_MULTI_SZ | List of SIDs or names2 for users or groups that are allowed to obtain administrator rights from a remote computer.

Remote Denied Entities | empty | REG_MULTI_SZ | List of SIDs or names2 for users or groups that are not allowed to obtain administrator rights from a remote computer. Denials take precedence over allowed entities.

[pseymour]

I like this idea, but I would rather keep the settings page as is, that is, just the settings themselves. Sounds like a separate page or pages would be in order.

Other folks out there who use Make Me Admin.... if you have content ideas for a page like this, email them to me via GitHub or at this same user name at proton dot me. Or if it's not private, post them here.

[kheldorn]

A documentation page for the remote feature would be nice. Including mentions of the required port and that the "NetTcpPortSharing" service must be running for it to work.

Back in v2.3.x days I spent way too much time on figuring that out until I found the solution in a closed issue here.

Looked into creating such a wiki page myself, but apparently contribution to the wiki seems to be disabled.

[mattsmacblog]

Thanks! I'm just testing the product out myself but happy to write something up for you to look over and perhaps use once I understand how it all works.