April 29, 2011 at 12:19 pm
Hi,
I'm trying to create a policy to check that the Server Roles for BUILTIN\Administrators includes sysadmin. I've not been able to locate a Server Role facet or other facet that includes a property for Server Role.
So far I've got a condition on the login facet @Name = 'builtin\administrators'. I'm using this as the target for the policy, but the big missing piece is where to check the server role.
Anyone know where the needle is?
April 29, 2011 at 3:21 pm
Thanks, I actually saw that and it doesn't do what I'm trying to do.
I've tried this:
Facet: Server Installation (not mentioned in that link)
@WindowsUsersAndGroupsInSysadminRole = Array('builtin\administrators')
The array that gets returned is all users and groups in the sysadmin role so it fails.
If you have many servers with different lists of sysadmins, this won't work.
April 29, 2011 at 3:48 pm
I spent most of my day figuring this out so I decided to create a blogger account:
http://jonmorisissqlblog.blogspot.com/2011/04/configure-policy-to-checks-that.html
April 29, 2011 at 3:50 pm
May 2, 2011 at 9:15 am
Awesome, thanks for sharing your solution!
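The array comparison in the thread fails because it matches the whole sysadmin member list. The check can instead be written as a membership test on a single login, shown here as an added example that is not taken from the thread or from the linked blog post. It assumes SQL Server 2008 or later, and the column alias `in_sysadmin` is illustrative.

```sql
-- Membership test for one login, independent of who else is in sysadmin.
-- Returns  1 when the login is a member of the sysadmin server role,
--          0 when the login exists but is not a member,
--         -1 when the login does not exist on this instance.
-- On a case-sensitive server collation the name must match the stored case.
DECLARE @login sysname = N'BUILTIN\Administrators';

SELECT CASE
         WHEN NOT EXISTS (SELECT 1
                          FROM sys.server_principals
                          WHERE name = @login)
           THEN -1
         WHEN EXISTS (SELECT 1
                      FROM sys.server_role_members AS rm
                      JOIN sys.server_principals AS r
                        ON r.principal_id = rm.role_principal_id
                      JOIN sys.server_principals AS m
                        ON m.principal_id = rm.member_principal_id
                      WHERE r.name = N'sysadmin'
                        AND m.name = @login)
           THEN 1
         ELSE 0
       END AS in_sysadmin;

-- Compact form for a Policy-Based Management condition (advanced edit),
-- compared against 1 in the condition expression:
--   ExecuteSql('Numeric',
--     'SELECT IS_SRVROLEMEMBER(''sysadmin'', ''BUILTIN\Administrators'')')
```

Because the result is a single number per instance, the same condition evaluates consistently across servers whose sysadmin lists differ.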