Kaseya Community

Admin Group Member changes

  • Does anyone have a script to monitor Domain admin and Enterprise admin group changes? I want to be notified if a member was added, disabled or removed from the domain / Enterprise admin groups.


    Thx

    Legacy Forum Name: Admin Group Member changes,
    Legacy Posted By Username: richie3333
  • I monitor this with an event log alert; the addition and removal of Domain admins is logged in the security event log. Event ID 632. Filter for *Domain Admins*

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: cnwicsurrett
  • Thank you. I will try that. Sounds simple enough.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: richie3333
  • I believe the agent filters out successful security events... which would include this.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: nevesis
  • Yes, but I allowed capturing Successful events because it is important for me to know if an admin account is added in the network. It's working fine.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: richie3333
  • Richie,

    How did you allow Successful Events back into your system? Did you modify the Global Blacklist file? That was the only solution that I found, but Kaseya can replace that file during hotfixes so you need to then monitor it for changes.

    Alan

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: akoop
  • All you have to do is go to the Agent Tab, then select Event Log settings and assign to machines.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: richie3333
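
The event log check suggested earlier in the thread (Security log, Event ID 632, filtered for *Domain Admins*), written out as a PowerShell script. This is an added example, not code from any poster or from Kaseya; the parameter names, the 15-minute lookback and the exit-code convention are assumptions, and it expects to run on a domain controller with rights to read the Security log.

```powershell
# Added example, not from the thread. Run on a domain controller from an
# elevated session or scheduled task (reading the Security log requires it).
param(
    [long[]]   $EventId         = @(632),   # ID quoted in the thread; pass others as needed
    [string[]] $GroupName       = @('Domain Admins', 'Enterprise Admins'),
    [int]      $LookbackMinutes = 15        # assumption: matches the schedule interval
)

function Select-AdminGroupEvent {
    # Keep only entries whose message text names one of the watched groups.
    param($Entries, [string[]] $Groups)
    foreach ($entry in $Entries) {
        foreach ($group in $Groups) {
            if ($entry.Message -like "*$group*") {
                New-Object PSObject -Property @{
                    Time     = $entry.TimeGenerated
                    EventId  = $entry.InstanceId
                    Group    = $group
                    Computer = $entry.MachineName
                    Message  = $entry.Message
                }
                break   # one report per entry, even if several groups match
            }
        }
    }
}

$since   = (Get-Date).AddMinutes(-$LookbackMinutes)
# Get-EventLog reports "no matches" as an error; treat that as an empty result.
$entries = @(Get-EventLog -LogName Security -InstanceId $EventId -After $since -ErrorAction SilentlyContinue)
$hits    = @(Select-AdminGroupEvent -Entries $entries -Groups $GroupName)

if ($hits.Count -gt 0) {
    $hits | Sort-Object Time | Format-List Time, EventId, Group, Computer, Message
    exit 1    # non-zero exit lets the calling monitor raise the alert
}
Write-Output "No matching group-membership events since $since."
exit 0
```

Success auditing of account management has to be enabled on the domain controllers for these entries to be written at all, which is the same dependency the thread raises for the agent's event capture.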