Issues with Admon detecting "user" removed
Posted: Sun May 26, 2019 10:48 pm
Hi Team
I am trying to get this plugin working for my environment but over 2000 tickets logged I'm hitting a bit of a wall.
The addon is constantly 'detecting' that accounts are being removed from the administrator group (and logging a ticket for each account... which adds up!).
It is detecting EVERY administrator - our domain admins group, local user accounts, the local Administrator account, are all being detected as being 'removed' from the local administrators setup. It so far doesn't look to have detected any as being added, but with the amount of tickets being logged I cannot confirm this fully.
I've modified the plugin to only alert us on adding new Administrators, but would like to eventually be alerted on both cases
I am trying to get this plugin working for my environment but over 2000 tickets logged I'm hitting a bit of a wall.
The addon is constantly 'detecting' that accounts are being removed from the administrator group (and logging a ticket for each account... which adds up!).
It is detecting EVERY administrator - our domain admins group, local user accounts, the local Administrator account, are all being detected as being 'removed' from the local administrators setup. It so far doesn't look to have detected any as being added, but with the amount of tickets being logged I cannot confirm this fully.
I've modified the plugin to only alert us on adding new Administrators, but would like to eventually be alerted on both cases