Home
»
Discussion Forums
»
Scripts & Agent Procedures
»
Admin Group Member changes
Subscribe via RSS
Share this
Similar Posts
Monitor Administrator / Domain Admins group Member logons
by
RICHIE
on
Feb 4, 2011
Not Answered
Automate finding members of a security group
by
LegacyPoster
on
Apr 1, 2009
New Agent Procedure - List AD Group members (send to e-mail)
by
Phil G
on
Jan 20, 2012
Change Group
by
LegacyPoster
on
Aug 5, 2009
Changing groups
by
LegacyPoster
on
Nov 20, 2008
View More
Details
6
Replies
0
Subscribers
Posted
over 10 years ago
Scripts & Agent Procedures
Admin Group Member changes
Posted by
LegacyPoster
on
Mar 3, 2009 10:29 AM
Does any one have a script to monitor Domain admin and Enterprise admin group changes. I want to be notified if a member was added, disabled or removed from the domain / Enterprise admin groups.
Thx
Legacy Forum Name: Admin Group Member changes,
Legacy Posted By Username: richie3333
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
Posted by
LegacyPoster
on
Mar 4, 2009 12:02 AM
I monitor this with an event log alert, the addition and removal of Domain admins is logged in the security event log. Event ID 632. Filter for *Domain Admins*
Legacy Forum Name: Scripts Forum,
Legacy Posted By Username: cnwicsurrett
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
Posted by
LegacyPoster
on
Mar 6, 2009 1:35 AM
Thank you . I will try that. Sounds simple enough.
Legacy Forum Name: Scripts Forum,
Legacy Posted By Username: richie3333
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
Posted by
LegacyPoster
on
Mar 9, 2009 11:42 AM
I believe the agent filters out successful security events... which would include this.
Legacy Forum Name: Scripts Forum,
Legacy Posted By Username: nevesis
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
Posted by
LegacyPoster
on
Mar 9, 2009 8:21 PM
Yes but I allowed capturing Succesful events becasue it is important for me to know if an admin account is added in the network. Its working fine.
Legacy Forum Name: Scripts Forum,
Legacy Posted By Username: richie3333
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
Posted by
LegacyPoster
on
Mar 11, 2009 8:19 AM
Richie,
How did you allow Successfull Events back into you system? Did you modifiy the Global Blacklist file? That was the only solution that I found, but Kaseya can replace that file during hotfixes so you need to then monitor it for changes.
Alan
Legacy Forum Name: Scripts Forum,
Legacy Posted By Username: akoop
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
Posted by
LegacyPoster
on
Mar 11, 2009 7:38 PM
All you have to do is go to the Agent Tab then select Event Log settings and assign to machines.
Legacy Forum Name: Scripts Forum,
Legacy Posted By Username: richie3333
You have posted to a forum that requires a moderator to approve posts before they are publicly available.