Out of the skunkworks here at Squidworks comes a new Kaseya Agent Procedure. This procedure (script) pulls all members of privileged account groups like Domain Admins, Enterprise Admins and Schema Admins and stores them in the GETFILE location on your K-Server. The output is also viewable using LiveConnect -> Agent Data -> GetFile tab. You can add and remove groups in the VBScript to match your needs. The nice thing about this script is that it finds out what your forest is and queries the domains inside it. You do not need to edit the script for every domain in your customer base. This one script will query any domain it is pointed at, without knowing what the domain name is! (Sweet) This makes it a great tool to deploy across all customers, as it requires no edits to run on any domain.
The script should be scheduled to run every day. Each time it runs, it copies a new file up to the GETFILE area and compares the two files. If they are not exactly the same, it sends an alert that a change has happened.
You then need to watch for this alert and alarm on it. To do this, go to the Monitor tab in Kaseya. In the main menu under Agent Monitoring, select Alerts. In the main window under Alerts you will find a drop-down selection box called “Select Alert Function”. In this drop-down list, locate and select “Get Files”, then select the AD server you are running the script on and set it to alarm and email you upon change.
That’s it. It will check your accounts, and if a change takes place it alerts you so you can investigate. This works great if you need to keep people out of these privileged account groups.
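
The daily compare described above only tells you that the two files differ. The following added example (not part of the Squidworks procedure or its VBScript) shows one way to work out which memberships were added or removed between two snapshots once the alert fires. The `Domain,Group,Member` line format, the function names and the sample data are assumptions constructed for illustration.

```powershell
# Added example. The "Domain,Group,Member" line format is an assumption,
# not the format written by the Squidworks VBScript.

function Get-SnapshotEntries {
    param([string[]]$Lines)
    # Trim, drop blank lines and duplicates so that ordering or whitespace
    # differences between two runs do not count as a change.
    $Lines | Where-Object { $_ -and $_.Trim() } |
        ForEach-Object { $_.Trim() } | Sort-Object -Unique
}

function New-ChangeRecord {
    param([string]$Change, [string]$Entry)
    # Limit the split to 3 parts so a member value containing commas stays intact.
    $domain, $group, $member = $Entry -split ',', 3
    [pscustomobject]@{ Change = $Change; Domain = $domain; Group = $group; Member = $member }
}

function Compare-PrivilegedSnapshot {
    param([string[]]$Previous, [string[]]$Current)
    $old = @(Get-SnapshotEntries $Previous)
    $new = @(Get-SnapshotEntries $Current)

    # -notin is case-insensitive, so a change of letter case alone is not reported.
    $added   = @($new | Where-Object { $_ -notin $old })
    $removed = @($old | Where-Object { $_ -notin $new })

    $added   | ForEach-Object { New-ChangeRecord 'Added'   $_ }
    $removed | ForEach-Object { New-ChangeRecord 'Removed' $_ }
}

# Constructed sample snapshots (hypothetical domain and account names).
$yesterday = @(
    'corp.example,Domain Admins,alice'
    'corp.example,Domain Admins,bob'
    'corp.example,Enterprise Admins,alice'
    'corp.example,Schema Admins,alice'
)
$today = @(
    'corp.example,Domain Admins,bob'          # same entry, different order
    'corp.example,Domain Admins,alice'
    'corp.example,Domain Admins,svc-backup'   # new privileged member
    'corp.example,Enterprise Admins,alice'
)

Compare-PrivilegedSnapshot -Previous $yesterday -Current $today |
    Format-Table -AutoSize
```

In practice the two arrays would come from `Get-Content` on the previous and current output files.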