Monitoring changes to Domain Administrators Group in SCOM

Dashboard Server
,
1

Is there a way I can monitor changes to the Domain Administrators Group? I’m on SCOM 2016.

2

Hi,

of course, check this blog:

https://blogs.technet.microsoft.com/klince/2011/05/18/how-to-configure-scom-to-monitor-for-changes-to-the-domain-admins-group/

1 Like
3

Or go all out and use SCOM to monitor for breaches:

https://squaredup.com/blog/introducing-the-security-monitoring-management-pack-for-scom/

1 Like
4

Yes you can, we do it with all our ‘sensitive’ groups on our domain.

But you can shortcut the process by implementing a MP that someone has already done :slight_smile:

https://blogs.technet.microsoft.com/nathangau/2017/05/01/introducing-the-security-monitoring-management-pack-for-scom/

1 Like
5

haha. snap at the same moment. :slight_smile:

6

High Five :smiley: