Kaseya Community

Monitor any AD server for changes to privileged groups and notify upon change.

  • Just FYI,

    I created a new script to monitor all my customers' privileged groups in their Active Directory services. The reason for this was that we have found that some of our techs make bad decisions by adding user accounts and service accounts to the Domain Admins group. So to curb this we popped in a monitor to be alerted when changes are made and to whom.

    http://www.squidworks.net/2011/07/kaseya-agent-procedure-alert-if-privileged-account-are-changed-in-active-directory/

    This script will query the AD forest for the domain names and then query for Domain Admins, Enterprise Admins and Schema Admins members. You can query for more groups if you like. It works great if you have lots of customers and domains, as you do not need to edit the scripts for each domain name; the script will find that out during queries.

    Enjoy!

    Cubert Geeked

  • BINGO !!! We just found some techs adding users to the local admin group as well.

    KUDOS…..

    From: cubert [mailto:bounce-cubert@kaseya.com]
    Sent: Tuesday, July 12, 2011 2:21 PM
    To: community_agentprocedures@kaseya.com
    Subject: [Kaseya Community: Scripts and Agent Procedures] Monitor any AD server for changes to privileged groups and notify upon change.

     


  • Nice procedure Cubert. Some interesting finds already.

  • Just checked this one out... nice, simple, and to the point. Good work sharing with all.

  • Great script. Thanks for sharing.

  • One thing... I seem to get different results when running it against two DCs in my domain? Anyone else seen this?

  • Hi Cubert,

    Nice script, I have been working on this in a different way getting the same results. I found something else that causes problems. What happens if someone adds a user to the built-in administrators group? That does not show. Also, if the security groups are renamed you will not see them.

    Have you figured out a way around it?  

    If you run the command

    net localgroup administrators

    it will list any users if any as part of the group along with any groups in it, but not the members of the groups

    Alias name     administrators
    Comment        Administrators have complete and unrestricted access to the computer/domain

    Members

    -------------------------------------------------------------------------------
    Administrator
    BESAdmin
    Domain Admins
    Enterprise Admins
    Exchange Organization Administrators
    jrojas
    smarashi
    The command completed successfully.

    Do you know of a way to automate this?

    Regards,

    Jorge
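
Added example (not part of the thread and not the squidworks.net procedure): one way to automate the check asked about above is to parse the text that `net localgroup administrators` prints and compare the members with a stored baseline, alerting on any difference. The function names and the baseline are hypothetical, the sample is the output quoted in the post, and English-language command output is assumed.

```python
import json

# Constructed sample: the `net localgroup administrators` output quoted in the post above.
SAMPLE_OUTPUT = """\
Alias name     administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members
-------------------------------------------------------------------------------
Administrator
BESAdmin
Domain Admins
Enterprise Admins
Exchange Organization Administrators
jrojas
smarashi
The command completed successfully.
"""

def parse_members(output: str) -> set[str]:
    """Return the names listed between the dashed rule and the status line."""
    members, in_list = set(), False
    for line in output.splitlines():
        line = line.strip()
        if not in_list:
            # The member list starts after a line made only of dashes.
            in_list = len(line) >= 10 and set(line) == {"-"}
            continue
        if line.lower().startswith("the command completed"):  # assumes English output
            break
        if line:
            members.add(line)
    if not in_list:
        # Fail loudly: a failed command must not look like "no change".
        raise ValueError("no member list found; did the command fail?")
    return members

def diff_membership(baseline: set[str], current: set[str]) -> dict[str, list[str]]:
    """Compare case-insensitively, since Windows account names ignore case."""
    base = {m.lower(): m for m in baseline}
    cur = {m.lower(): m for m in current}
    return {"added": sorted(cur[k] for k in cur.keys() - base.keys()),
            "removed": sorted(base[k] for k in base.keys() - cur.keys())}

def audit(output: str, baseline: set[str]) -> str:
    """Return a JSON alert body, or an empty string when nothing changed."""
    changes = diff_membership(baseline, parse_members(output))
    return json.dumps(changes) if changes["added"] or changes["removed"] else ""
```

As the post notes, this lists nested groups such as Domain Admins by name only; their members still have to be checked with a domain-level query.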

  • Done, go to

    www.squidworks.net/.../kaseya-agent-procedure-local-admin-audit

    to download

  • You might also like the following script:

    You might also want to see

    www.squidworks.net/.../kaseya-agent-procedure-free-active-directory-health-monitor-script

    The Active Directory Health Monitor for Kaseya