Zabbix
Sergey, 2021-11-13 15:08:19

How to track changes in the local administrators group?

There are several servers where domain users are in the local administrators group.
It is required to monitor changes in the Local Admins group, so that new admins do not appear.
How can this be done through ZABBIX?

PS. Also do not say that it is not necessary to give the rights of administrators. I know! And this is my sore spot. But alas, not everything is decided by system administrators. The problem is that users, having received the rights, begin to create gag. I would like to track it somehow.
If you have any other advice, I'd be very grateful.

2 answer(s)
Roman Bezrukov, 2021-11-13
@bk0011m

Zabbix Agent can also look into Windows system logs - you can catch events 4732 (adding to a group) and/or 4733 (removing from a group) in the Security Log on the servers, where TargetSid is equal to S-1-5-32-544.
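
The filter described in this answer, as an added example that is not part of the original answer: it parses Security-log events in their XML form and keeps only 4732/4733 records whose TargetSid is S-1-5-32-544. The host name, account names, member SIDs and sample records are constructed; the `Data` field names used (MemberSid, TargetSid, SubjectUserName) are those carried by events 4732/4733.

```python
import xml.etree.ElementTree as ET

EVT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": EVT_NS}
ADMINS_SID = "S-1-5-32-544"  # BUILTIN\Administrators, the TargetSid named in the answer
ACTIONS = {"4732": "added", "4733": "removed"}

def _event(event_id, target_sid, member_sid, actor):
    """Build one constructed event record (hypothetical host and accounts)."""
    return (
        f'<Event xmlns="{EVT_NS}"><System><EventID>{event_id}</EventID>'
        f'<Computer>srv01.example.local</Computer></System><EventData>'
        f'<Data Name="MemberSid">{member_sid}</Data>'
        f'<Data Name="TargetSid">{target_sid}</Data>'
        f'<Data Name="SubjectUserName">{actor}</Data>'
        f'</EventData></Event>'
    )

# Constructed sample input: two relevant events and three that must be ignored.
SAMPLES = [
    _event(4732, ADMINS_SID, "S-1-5-21-1111-2222-3333-1105", "jdoe"),
    _event(4732, "S-1-5-32-555", "S-1-5-21-1111-2222-3333-1106", "jdoe"),  # other group
    _event(4733, ADMINS_SID, "S-1-5-21-1111-2222-3333-1105", "helpdesk"),
    _event(4624, ADMINS_SID, "-", "jdoe"),  # unrelated event id
    "<Event><broken",                       # truncated record
]

def admin_group_changes(records):
    """Return one dict per 4732/4733 event that targets the local Administrators group."""
    hits = []
    for raw in records:
        try:
            root = ET.fromstring(raw)
        except ET.ParseError:
            continue  # skip damaged records instead of aborting the scan
        event_id = root.findtext("e:System/e:EventID", default="", namespaces=NS).strip()
        data = {d.get("Name"): (d.text or "") for d in root.iterfind("e:EventData/e:Data", NS)}
        if event_id in ACTIONS and data.get("TargetSid") == ADMINS_SID:
            hits.append({
                "action": ACTIONS[event_id],
                "computer": root.findtext("e:System/e:Computer", default="", namespaces=NS),
                "member_sid": data.get("MemberSid", ""),
                "actor": data.get("SubjectUserName", ""),
            })
    return hits

if __name__ == "__main__":
    for hit in admin_group_changes(SAMPLES):
        print(hit)
```

These events are written only when the "Audit Security Group Management" audit policy is enabled on the server.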

nApoBo3, 2021-11-13
@nApoBo3

Restrict membership in the local admins group by group policy.
