We have a user that is being removed from IT (more like being forcefully demoted) and our owner still finds him valuable in other departments. My challenge is to find all servers that he may be using his account locally on (as a service or added to a local admin group). It hasn't happened yet, but we need to be prepared to say we know all the servers his account is on when the owner demotes him.
I'm hoping someone has an approach to this that doesn't include going through tons of Event Viewer Security logs. We do have System Center Configuration Manager and Operations Manager 2012 w/ SP1, but the guy that is responsible for those is the guy we are removing and none of us are aware on how to use the possible tools that those have. If you feel that those would do the trick then please point me to a "how to" and I'll try to learn on the fly. Otherwise I'll take any other suggestions.
~Rick