Built off the open source project Osquery
Description: This query checks macOS systems for local administrator accounts. An administrator on a Mac has full privileges to install and uninstall programs, modify files, or compromise the system. The query helps identify local administrator accounts to ensure IT hygiene and compliance in the enterprise.
What The Data Shows: User ID, Username, User description
SQL:
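SELECT u.uuid, u.username, u.description
FROM users AS u
-- user_groups maps each uid to every group it belongs to, so join on uid
INNER JOIN user_groups AS g ON g.uid = u.uid
-- gid 80 is the macOS admin group; gid 20 is staff, the default primary group of standard users
WHERE g.gid = 80
GROUP BY u.username;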
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.