• State Suggested Answer
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 25 subscribers
  • Views 1082 views
  • Users 0 members are here
Options
Related

Removing administrators etc. from recertification

Swede

Hi there,

I am just doing my first steps with ARM and right now I am kind of stuck in the recertification process. (among others)

I thought blacklisting would remove the users from in the change configuration settings would help, but this changed nothing.

Then I tried editing the settings in "views and reports" which worked partially. It removed the users, but I can still see the groups in the recertification.

I do not want the data owners to be able to remove the permissions of my admins or backup task users or groups - or any other functional user for that matter.

How can I restrict the recertification process to ... well... pretty much my normal AD users folder. or at least to a select group of hand picked users. Or anything else than what I am seeing now.

Grateful for any thoughts or hints on how I can go about this.

-Chris

Parents
  • 0

    Hey  

    Exclude accounts from ARM recertification:


    It can be very useful not to display certain, e.g. technically necessary accounts to the data owners during recertification. This is possible for the recertification of file server permissions as well as for Active Directory group memberships.

    To exclude accounts from recertification, you must make the following changes to the configuration files:

    Configuration file
    pnServer.config.xml

    Computer
    ARM-Server

    Path

    %ProgramData%\protected-networks.com\8MAN\cfg

    Code examples

    <fileSystem>
 <recertification>
  <suppressSidsByRexExpression type="System.String">-512$;</suppressSidsByRexExpression>
 </recertification>
</fileSystem>

<activeDirectory>
 <recertification>
  <suppressSids type="System.String">S-1-5-32-544;S-1-5-32-551;</suppressSids>
 </recertification>
</activeDirectory>


    Possible values

    List of SIDs separated by semicolons or a regular expression to exclude a group of SIDs. For example the regular Expression -512$; excludes domain admin accounts from the recertification.

  • 0 in reply to Parthchandarana07

    For the record:

    I also checked my ARM for possible data.

    I did find an SID of an admin user, but it is far much longer than the figures you mention

    i.e.: S-1-5-21-4293041663-4232857113-14780292413-7128

Reply Children
No Data

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 200,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification SolarWinds Lab Link Customer Portal
About THWACK Blogs Federal & Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2021 SolarWinds Worldwide, LLC. All Rights Reserved.