That's a pretty good start to it but it took just a wee bit more coding to get the data out and in to Automate.
But there she blows!!!
Now have Ubuntu, Redhat, CentOS, SUSE and Fedora admins now able to be seen. Should be available in build 1.0.0.38 when released.
Habitat Local Administrators group Monitor (LAGM)
Re: Habitat Local Administrators group Monitor (LAGM)
Hey, one of our account managers has started using this to report back to customers, and he noticed that for two Macs, where there was data listed last time he ran the report, today the entry was cleared.
(ie, a few days ago it said Admin, root and username were a member, but today it's not listing any entries)
I re-ran the scan on the system (since it was online), which re-populated it.
What could cause that? There are also a few machines that are offline, and do not have this issue where the data is cleared.
On this one system I re-ran it, I have absolutely no Command history. So no idea when it last ran, or what the return value was.
The Script view shows it ran on the 29th at 11:26, and the View Log shows the users:
[ ('32','8446','root',NOW()),
('32','8446','username',NOW()),
('32','8446','admin',NOW()) ]
(ie, a few days ago it said Admin, root and username were a member, but today it's not listing any entries)
I re-ran the scan on the system (since it was online), which re-populated it.
What could cause that? There are also a few machines that are offline, and do not have this issue where the data is cleared.
On this one system I re-ran it, I have absolutely no Command history. So no idea when it last ran, or what the return value was.
The Script view shows it ran on the 29th at 11:26, and the View Log shows the users:
[ ('32','8446','root',NOW()),
('32','8446','username',NOW()),
('32','8446','admin',NOW()) ]
Re: Habitat Local Administrators group Monitor (LAGM)
any time it clears I suspect that it attempted a scan and failed or was passed nothing during run. More likely it was passed nothing since no data exists.
Monitor this and when you see it have a look at the last go of the script to see what it was outputting.. Post back here what you find.
Monitor this and when you see it have a look at the last go of the script to see what it was outputting.. Post back here what you find.
-
- Posts: 18
- Joined: Wed Jun 26, 2019 9:19 pm
- 4
Re: Habitat Local Administrators group Monitor (LAGM)
Just checking on when the alarming and the ability to set and restore back the approved list of administrators will be working again in this tool?
Re: Habitat Local Administrators group Monitor (LAGM)
Its on the list, so soon.
Had to take a few week diversion to work on the new Avast Business Plugin for the Avast team. And of course CCleaner is now part of Avast and they needed a new API setup for the CW marketplace.
I apologize for not being on top of this more. Will get to work on it.
Had to take a few week diversion to work on the new Avast Business Plugin for the Avast team. And of course CCleaner is now part of Avast and they needed a new API setup for the CW marketplace.
I apologize for not being on top of this more. Will get to work on it.
-
- Posts: 18
- Joined: Wed Jun 26, 2019 9:19 pm
- 4
Re: Habitat Local Administrators group Monitor (LAGM)
Thanks! Glad to hear you are staying busy and we appreciate what you do!
Re: Habitat Local Administrators group Monitor (LAGM)
bmcfarlane wrote: ↑Tue Aug 11, 2020 4:00 pm Thanks! Glad to hear you are staying busy and we appreciate what you do!
In build 1.0.0.51 we will re-enable the add and remove scanners functions. It may take a version or 2 to get it fully functional as we made some changes to how this works from how the old ADMON worked.
Re: Habitat Local Administrators group Monitor (LAGM)
Hi Guys,
I have the LAGM plug installed. It is scanning my DC and populating some results in the in the domaini admins group, but it is not displaying the full list of accounts in that security group.
I am having the same result on a workstation local admin group. It does not list all of the accounts in the local admin group.
Any suggestions on how to get it to work? I have rescanned the computers and checked Monitor additions to admin groups
I have the LAGM plug installed. It is scanning my DC and populating some results in the in the domaini admins group, but it is not displaying the full list of accounts in that security group.
I am having the same result on a workstation local admin group. It does not list all of the accounts in the local admin group.
Any suggestions on how to get it to work? I have rescanned the computers and checked Monitor additions to admin groups
Re: Habitat Local Administrators group Monitor (LAGM)
I enabled ticket creation for changes and am generating a lot of tickets for AD security groups, like Domain Admins, being added and removed depending on whether the user is working on their laptop in the office or remotely. I read through the forum but didn't see a fix for this scenario. Is there a way to keep these systems from generating tickets if they're not connected to the network?
- Attachments
-
- Habitat LAGM laptops.png (16.52 KiB) Viewed 14678 times
Re: Habitat Local Administrators group Monitor (LAGM)
I had to turn off the monitoring of additions and removals after 90+ alerts were generated for the two companies I was testing over the past 12 days. Way too much noise. Any thoughts on a resolution for laptops that come in and out of the office?