1 Reply Latest reply on Apr 6, 2015 4:03 PM by bhegarty

    Monitoring service account interactive logons

    ttl

      So I'm trying to get up a rule to monitor whether a service account is logging in interactively (I know this can be disabled though GP, but humor me for a minute). The thing I'm running into is that (typically) service accounts go into the Service Accounts OU, which doesn't appear to be selectable using an Active Directory Group. I'm probably missing something obvious, but is there some way to select for this OU so that it monitors anyone who's in it? Thanks.

        • Re: Monitoring service account interactive logons
          bhegarty

          We recently did this ourselves.  LEM won't monitor an OU, only a security group.  We created a security group in AD called "service accounts".  Placed all our service accounts in there.  When we created the rule for interactive logins, we just located the new security group via "directory services" in LEM.  works like a charm.