Remote Monitor Series: Security! Finding members of local groups that shouldn’t be there (like Remote Desktop Users)

December 8th, 2018

A slightly more complex monitor today! This monitor checks the members of any local group (domain groups will also work if it is run on a DC) and lets you trigger an alert if accounts are found that shouldn't be there. In my experience, the biggest use for this is detecting users who have been accidentally added to "Remote Desktop Users" on a server. "Remote Desktop Users" is a group that exists by default on all Windows machines, and it's very easy for engineers creating users to accidentally add them to this group on a domain controller. This is what this monitor detects:

I would like to draw your attention to a few parts of this:

If you are looking to EXCLUDE users or groups from the member results, you can add them here. Be sure to include the backslash to keep the " escaped.

Can be changed if you have any specific uses where this would be helpful.
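The check described above, written as a PowerShell script (an added example, not the monitor from the original post). The function names, the `CONTOSO` accounts and the sample `net localgroup` output are constructed, and the parser assumes English-language output.

```powershell
# Added example: function names, accounts and sample output are constructed.
# Assumes English-language `net localgroup` output.

function ConvertFrom-NetLocalGroup {
    param([string[]]$Lines)
    # Member names sit between the dashed rule and the completion message.
    $inList = $false
    foreach ($line in $Lines) {
        if ($line -match '^-{5,}') { $inList = $true; continue }
        if (-not $inList) { continue }
        if ($line -match '^The command completed') { break }
        if ($line.Trim()) { $line.Trim() }
    }
}

function Get-UnexpectedMember {
    param([string[]]$Members, [string[]]$Allowed)
    # -notcontains is case-insensitive, like Windows account names.
    # The "$_ -and" guard drops the $null that an empty member list pipes in.
    @($Members | Where-Object { $_ -and $Allowed -notcontains $_ })
}

$Group   = 'Remote Desktop Users'
$Allowed = @('CONTOSO\rds-admins')   # exclusions: members that are expected

# Constructed sample of what `net localgroup "Remote Desktop Users"` prints.
$Sample = @(
    'Alias name     Remote Desktop Users'
    'Comment        Members in this group are granted the right to logon remotely'
    ''
    'Members'
    ''
    '-------------------------------------------------------------------------------'
    'CONTOSO\jsmith'
    'CONTOSO\rds-admins'
    'The command completed successfully.'
)

# On a live server, replace $Sample with: $Output = net localgroup $Group
$Output  = $Sample
$Members = ConvertFrom-NetLocalGroup -Lines $Output
$Extra   = Get-UnexpectedMember -Members $Members -Allowed $Allowed

if ($Extra.Count -gt 0) {
    Write-Output ("ALERT: unexpected members of '{0}': {1}" -f $Group, ($Extra -join ', '))
    exit 1
}
Write-Output "OK: no unexpected members of '$Group'"
exit 0
```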

 

 
