Group member Add/Remove Report

Group member Add/Remove Report (Full Version)

All Forums >> [Networking & Security] >> GFI EventsManager

Message

RH_Kratos -> Group member Add/Remove Report (8.Jun.2009 12:13:59 PM)
Is there a way to get a scheduled report out of ReportPack that shows when users are added or removed from security and distribution groups? I could create a generic windows event report, but that would not show which group was changed. Any ideas?

DrewE -> RE: Group member Add/Remove Report (8.Jun.2009 5:03:58 PM)
Do you have one specific event within the windows event log that is providing you with this information?

RH_Kratos -> RE: Group member Add/Remove Report (9.Jun.2009 8:07:20 AM)
There is not one particular event that logs all group changes. The following track the changes we would like in the report: 632 Security Global Group Member added 633 Security Global Group Member removed 636 Security Local Group Member added 637 Security Local Group Member removed 650 Distrib. Local Group Member added 651 Distrib. Local Group Member removed 655 Distrib. Global Group Member added 656 Distrib. Global Group Member removed 660 Security Universal Group Member added 661 Security Universal Group Member removed 665 Distrib. Universal Group Member added 666 Distrib. Universal Group Member removed We need to see which group and which user account was added/removed in the report. Thanks.

DrewE -> RE: Group member Add/Remove Report (10.Jun.2009 12:41:05 PM)
There is currently not one report within the report pack to do this, beyond the Generic Windows event. You can try creating a query from GFI EventsManager "EventsBrowser" tab which should help.

RH_Kratos -> RE: Group member Add/Remove Report (10.Jun.2009 1:12:32 PM)
Yes, but then I would need to have the administrators that want to view the report become users of EventsManager. Whereas with a scheduled PDF report, they only need to be able to open an email attachment. Will the next version of ReportPack have the ability to get any data out? Or will the reports still be at the discretion of the programmers? About the events browser tab - Is there a way to change the default view from showing all events? When I click on the tab and EVM tries to show millions & millions of events, I usually have to do something else (like lunch) while I wait.

DrewE -> RE: Group member Add/Remove Report (10.Jun.2009 1:58:14 PM)
I'm not aware of any plans to update the report pack at this time, although we are always adding new reports to it with each release. Currently, there is no way to change GFI EventsManager from showing the All Events tab at start.

Arielle -> RE: Group member Add/Remove Report (11.Jun.2009 4:27:05 AM)
You can change the default view in the Events Browser by putting the view you want at the top. Right click on the view and select 'Move Up' to move it to the top. When the application is opened and you go to the Events Browser tab it will display the first view. However if it is opened and you have selected the 'All Events' view, you go to another tab and then get back to the Events Browser tab it will display the 'All Events' view as it's the one you had selected. Also, there is currently one report to see members added/removed for Security groups only, this is under Account management > Security group management, and it reports on the following events. 631 Security Enabled Global Group Created 632 Security Enabled Global Group Member Added 633 Security Enabled Global Group Member Removed 634 Security Enabled Global Group Deleted 635 Security Enabled Local Group Created 636 Security Enabled Local Group Member Added 637 Security Enabled Local Group Member Removed 638 Security Enabled Local Group Deleted 639 Security Enabled Local Group Changed 641 Security Enabled Global Group Changed 659 Security Enabled Universal Group Changed 660 Security Enabled Universal Group Member Added 661 Security Enabled Universal Group Member Removed 662 Security Enabled Universal Group Deleted 668 Group Type Changed

RH_Kratos -> RE: Group member Add/Remove Report (11.Jun.2009 7:50:36 AM)
Thanks for that tip. I'll give it a try. Unfortunately that existing report doesn't help with Security Disabled (Distribution) type groups. And that is part of what I am being asked for.

Page: [1]