Level 8

Check Membership of a Custom Security Group on File Server

I am needing to create a monitor with a filter condition that would query a custom local security group on a file server.

I know that using an Active Directory domain group or even a SEM group would be easier and probably even suggested, but due to some constraints in my environment, that solution does not give me the results I am looking for in response times.

I have tested the monitor I have created with both Active Directory domain groups and SEM groups and it works great, so I know the logic of my monitor is good. I was wondering if a local group could be used in their place.

Has anyone had any experience with using server local security groups in this way?

0 Kudos
1 Solution

There's no built-in way to have LEM look up a local security group. What he was suggesting is having LEM use a rule to watch for changes to the local group and then have the alert action modify the contents of the LEM user defined group as they happen, so you don't have to manually update it every time.

- Marc Netterfield, Github

6 Replies
Product Manager

What information do you need to monitor for the Local Security Groups? There are some Event IDs that specifically relate to Local Security Groups; for example, Event ID 4732 will tell you that a user has been added to a local security group. You can then build filters in SEM to capture those events, and include the group name in the filter also if needed.

0 Kudos
Level 8

I don't know if I described it quite right in my original post. I have figured out how to monitor changes to the local group. What I am looking to do is check group membership in the rule. What I am using now is a LEM User Defined group in the rule. In logical terms the rule says "if user is not a member of the LEM User Defined group then...apply rule". I want to use a local security group instead of the LEM User Defined group.

0 Kudos

Level 8

Yeah, that's sort of where I was leaning also. I just wanted to be sure that I exhausted my options and I wasn't missing something.

Thanks for your reply.

0 Kudos
Level 14

Sounds like you want to create a Directory Service Group:

Configure directory service groups in SEM

0 Kudos
Level 8

Is it possible to create a directory service group to sync with a server (not a domain controller) local security group? I thought you could only do that to an Active Directory directory service group.

0 Kudos
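
The sync approach from the accepted solution, driven by the Event ID 4732 filter mentioned in the replies, sketched as an added Python example (this is not SEM's rule engine and not code from any poster). The event dictionaries, the host `FS01`, the group `FS-Approved` and the SIDs are constructed sample data; 4733 is the Windows "member removed from a local group" counterpart to 4732.

```python
# Added illustration: mirror one server-local group from its change events,
# then evaluate the thread's "user is NOT a member" condition against the mirror.
ADDED, REMOVED = 4732, 4733  # member added to / removed from a local security group

# Constructed sample events (not real logs). Field names follow the Windows
# event data for 4732/4733: TargetUserName is the group, MemberSid the member.
SAMPLE_EVENTS = [
    {"EventID": 4732, "Computer": "FS01", "TargetUserName": "FS-Approved", "MemberSid": "S-1-5-21-1111-2222-3333-1104"},
    {"EventID": 4732, "Computer": "FS01", "TargetUserName": "FS-Approved", "MemberSid": "S-1-5-21-1111-2222-3333-1105"},
    # Different group on the same server: must not leak into the mirror.
    {"EventID": 4732, "Computer": "FS01", "TargetUserName": "Backup Operators", "MemberSid": "S-1-5-21-1111-2222-3333-1106"},
    # Same group name on another server: local groups are per host.
    {"EventID": 4732, "Computer": "FS02", "TargetUserName": "FS-Approved", "MemberSid": "S-1-5-21-1111-2222-3333-1107"},
    {"EventID": 4733, "Computer": "FS01", "TargetUserName": "FS-Approved", "MemberSid": "S-1-5-21-1111-2222-3333-1105"},
]

def _norm(value):
    return (value or "").strip().casefold()

def mirror_membership(events, host, group, baseline=()):
    """Replay add/remove events for one local group on one host.

    baseline seeds members that were in the group before monitoring began;
    change events alone never reveal them.
    """
    members = {sid.strip().upper() for sid in baseline}
    for ev in events:
        if _norm(ev.get("Computer")) != _norm(host):
            continue
        if _norm(ev.get("TargetUserName")) != _norm(group):
            continue
        sid = (ev.get("MemberSid") or "").strip().upper()
        if not sid:
            continue  # key on the SID; the member name field is often just "-"
        if ev.get("EventID") == ADDED:
            members.add(sid)
        elif ev.get("EventID") == REMOVED:
            members.discard(sid)
    return members

def rule_applies(actor_sid, members):
    """The thread's condition: apply the rule when the user is not in the group."""
    return actor_sid.strip().upper() not in members

if __name__ == "__main__":
    mirrored = mirror_membership(SAMPLE_EVENTS, "fs01", "fs-approved")
    print(sorted(mirrored), rule_applies("S-1-5-21-1111-2222-3333-1105", mirrored))
```

The mirror is only as complete as the event stream: seed it once from the group's current membership and alert on gaps in log collection from the file server, otherwise a missed 4733 leaves a removed account treated as a member.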