CHECK_LOCAL_GROUP
This policy item checks group names and status of Groups listed in lusmgr.msc.
Usage
<custom_item>
type: CHECK_LOCAL_GROUP
description: ["description"]
value_type: [VALUE_TYPE]
value_data: [value]
group_type: [GROUP_TYPE]
(optional) check_type: [CHECK_TYPE]
</custom_item>
This item uses the group_type field to describe which account must be audited. The allowed types are:
- ADMINISTRATORS_GROUP
- USERS_GROUP
- GUESTS_GROUP
- POWER_USERS_GROUP
- ACCOUNT_OPERATORS_GROUP
- SERVER_OPERATORS_GROUP
- PRINT_OPERATORS_GROUP
- BACKUP_OPERATORS_GROUP
- REPLICATORS_GROUP
The allowed types for the value_type field are:
-
POLICY_SET (status of the group is checked)
value_type: POLICY_SET
value_data: "Enabled" or "Disabled"
-
POLICY_TEXT (name of the group is checked)
value_type: POLICY_TEXT
value_data: "Guests1"(In this casevalue_datacan be any text string)
Examples
<custom_item>
type: CHECK_LOCAL_GROUP
description: "Local Guest group must be enabled"
value_type: POLICY_SET
value_data: "enabled"
group_type: GUESTS_GROUP
check_type: CHECK_EQUAL
</custom_item>
<custom_item>
type: CHECK_LOCAL_GROUP
description: "Guests group account name should be Guests"
value_type: POLICY_TEXT
value_data: "Guests"
group_type: GUESTS_GROUP
check_type: CHECK_EQUAL
</custom_item>
<custom_item>
type: CHECK_LOCAL_GROUP
description: "Guests group account name should not be Guests"
value_type: POLICY_TEXT
value_data: "Guests"
group_type: GUESTS_GROUP
check_type: CHECK_NOT_EQUAL
</custom_item>