Level Verified

Windows Admin Compliance & Remediation

Created by: Level

Type: Automation

Category: Security

Platforms: Windows, Apple iOS, Linux

Problem Overview

Unauthorized local admin accounts pose a serious security risk, granting elevated privileges to unapproved users. This automation ensures that only authorized admins have elevated access, reducing attack surfaces and preventing privilege escalation.

Description

This automation systematically checks for unauthorized local administrators on Windows devices. It retrieves the list of local admin users and compares them against an authorized admins list (configurable globally, at the group level, or per device). If unauthorized admins are detected, the process requests approval before disabling those accounts. Once removed, the system rechecks local admin users to confirm compliance.
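The check-compare-disable-recheck flow described above, sketched as an added PowerShell example; it is not the script shipped with this automation. The allow-list parameter, its sample names, and the -Disable switch (standing in for the approval step) are assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: allow list passed in by the caller (constructed sample names).
    [string[]]$AuthorizedAdmins = @('Administrator', 'it-breakglass'),
    # Set only after the change has been approved.
    [switch]$Disable
)

# S-1-5-32-544 is the well-known SID of BUILTIN\Administrators; using the SID
# avoids depending on the localized group name.
$members = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop

$unauthorized = foreach ($m in $members) {
    # Names come back as 'COMPUTER\user' or 'DOMAIN\user'. Matching on the leaf
    # is a simplification; a stricter allow list would hold full names or SIDs.
    $leaf = ($m.Name -split '\\')[-1]
    if ($AuthorizedAdmins -notcontains $m.Name -and $AuthorizedAdmins -notcontains $leaf) {
        [pscustomobject]@{
            Name   = $m.Name
            Class  = $m.ObjectClass      # User or Group
            Source = $m.PrincipalSource  # Local, ActiveDirectory, AzureAD, ...
            SID    = $m.SID
        }
    }
}

if (-not $unauthorized) {
    Write-Output 'Compliant: no unauthorized local administrators.'
    return
}
$unauthorized | Format-Table -AutoSize

if ($Disable) {
    foreach ($u in $unauthorized) {
        # Disable-LocalUser acts only on local user accounts; domain, Azure AD
        # and group members have to be handled in their own directory.
        if ($u.Class -ne 'User' -or $u.Source -ne 'Local') {
            Write-Warning "Not disabled (not a local user): $($u.Name)"
        } elseif ($PSCmdlet.ShouldProcess($u.Name, 'Disable local account')) {
            Disable-LocalUser -SID $u.SID
            # Recheck the Enabled flag: a disabled account is still listed as a
            # member of Administrators, so group membership alone proves nothing.
            Get-LocalUser -SID $u.SID | Select-Object Name, Enabled
        }
    }
}
```

Running it with -Disable -WhatIf lists the accounts that would be disabled without changing them.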

Use Cases

  • MSPs enforcing security policies – Ensure client devices maintain strict access controls.
  • Internal IT teams – Automate compliance with internal security protocols.
  • Organizations with rotating admin staff – Prevent lingering admin access.
  • Regulated industries – Maintain audit-ready security postures with automated admin reviews.
  • Remote workforce management – Keep endpoint privileges in check without manual intervention.

Recommendations

  • Pair with the “Admin Users Monitor” to trigger this automation whenever unauthorized admins are detected.
  • Test in a controlled environment before deploying organization-wide.
  • Set global or group-level authorized admin lists for consistency across devices.
  • Run on a schedule to enforce “set it and forget it” security checks.
  • Monitor logs after execution to verify changes and ensure expected behavior.

FAQ

  • How do I configure the list of authorized admins?
    You can set authorized admins at the global, group, or device level under the “Custom Fields” section in Level.
  • What happens if an unauthorized admin is found?
    The system will wait for approval before disabling the unauthorized account, ensuring no unintended lockouts.
  • Can this run on a schedule?
    Yes! You can configure it to run at set intervals for ongoing security enforcement.
  • What if I need to restore access to a disabled user?
    If an admin was mistakenly disabled, you can manually re-add them or adjust your authorized admin list.
  • Does this work on all Windows versions?
    Yes, it supports all modern Windows OS versions that Level manages.

Included with this Automation:

Below is a list of what you can expect to find when importing this Automation.

Script details:

The following data and settings will be imported with your script.

Triggers

  • Manual
  • (Suggested -- Monitor Trigger)

Actions

  • Run Script
  • Wait for Approval