CHECK_LOCAL_GROUP

This policy item checks group names and status of Groups listed in lusmgr.msc.

Usage

<custom_item>

type: CHECK_LOCAL_GROUP

description: ["description"]

value_type: [VALUE_TYPE]

value_data: [value]

group_type: [GROUP_TYPE]

(optional) check_type: [CHECK_TYPE]

</custom_item>

This item uses the group_type field to describe which account must be audited. The allowed types are:

  • ADMINISTRATORS_GROUP
  • USERS_GROUP
  • GUESTS_GROUP
  • POWER_USERS_GROUP
  • ACCOUNT_OPERATORS_GROUP
  • SERVER_OPERATORS_GROUP
  • PRINT_OPERATORS_GROUP
  • BACKUP_OPERATORS_GROUP
  • REPLICATORS_GROUP

The allowed types for the value_type field are:

  • POLICY_SET (status of the group is checked)

    value_type: POLICY_SET

    value_data: "Enabled" or "Disabled"

  • POLICY_TEXT (name of the group is checked)

    value_type: POLICY_TEXT

    value_data: "Guests1" (In this case value_data can be any text string)

Examples

<custom_item>

type: CHECK_LOCAL_GROUP

description: "Local Guest group must be enabled"

value_type: POLICY_SET

value_data: "enabled"

group_type: GUESTS_GROUP

check_type: CHECK_EQUAL

</custom_item>

<custom_item>

type: CHECK_LOCAL_GROUP

description: "Guests group account name should be Guests"

value_type: POLICY_TEXT

value_data: "Guests"

group_type: GUESTS_GROUP

check_type: CHECK_EQUAL

</custom_item>

<custom_item>

type: CHECK_LOCAL_GROUP

description: "Guests group account name should not be Guests"

value_type: POLICY_TEXT

value_data: "Guests"

group_type: GUESTS_GROUP

check_type: CHECK_NOT_EQUAL

</custom_item>