Out of the skunkworks here at Squidworks comes a new Kaseya Agent Procedure. This procedure (Script) pulls all members of privileged accounts groups like Domain Admins, Enterprise Admins and Schema Admins and stores it to the GETFILE location on your K-Server. Also viewable using LiveConnect -> Agent Data -> GetFile Tab.  You can add and remove groups from the VBScript to match your needs. The nice thing about this script is it finds out what your Forest is and queries the domains inside. You do not need to edit script for every domain in your customer base. This 1 script will query any domain it is pointed at, with out knowing what the domain name is! (Sweet) This makes it a great tool to deploy across all customers as it requires no edits to run on any domain.

The script should be scheduled to run every day, each time it is run it copies a new file up to the GETFILE area and does a compare of the 2 files. If they are not exactly the same it will send an alert that a change has happened.

You then need to watch for this alert to happen and alarm on it. To do this you will goto your Monitor tab in Kaseya. In the main menu under Agent Monitoring select Alerts. In the main window under alerts you will find a drop down selection box called “Select Alert Function“. In this drop down list locate and select “Get Files” then select the AD server you are running the script on and set it to Alarm and email you upon change.

That’s It. It will check your accounts and if a change takes place it then alerts you that a change has happened to which you can investigate. This works great if you need to keep people out of these privileged accounts groups. 

AD Admin Audit Kaseya Script Zip



8 Responses to “Kaseya Agent Procedure -> Alert if Privileged Account are changed in Active Directory”

  1. james says:

    Hi, I think that this tool is very useful for a big enterprises with a lot of technicians… everybody can forget to delete a user added to administrator group for technical reasons.

    I’m looking for some similar tool which can run on Nagios. Do you know if exist?

    thanks and congratulations

  2. Eric Nemchik says:

    Hi, This script seems really handy, but is it able to monitor multiple active directories at once?
    The reason I ask is in the procedure it copies /AD-Audits/AD-Admin-Audit.txt which in my head if two different AD servers both overwite that file on my kserver it would constantly trigger events (correct?)
    My thinking to solve this would be to use /AD-Audits/AD-Admin-Audit-#vAgentConfiguration.Machine_GroupID#.txt
    maybe this isnt needed?

  3. Eric Nemchik says:

    ignore my comment, i’ve done some reading and figured out how getFile() works, so excuse my ignorance

  4. whoah this blog is fantastic i really like studying your posts.
    Keep up the good work! You understand, a lot of persons are searching around
    for this info, you could aid them greatly.

  5. Gerry says:

    Cubert, Great Post. How can we add your script to Kaseya Agent Procedures?

  6. Gerry says:

    Nevermind, got it

Leave a Reply