USER_GROUPS_POLICY

This policy item checks that a Windows user belongs to the groups specified in value_data. When using this audit, you can only test domain users against a domain controller. This check is not applicable to built-in users like “Local Service”.

Usage

<custom_item>

type: USER_GROUPS_POLICY

description: ["description"]

value_type: [value type]

value_data: [value]

(optional) check_type: [value]

user_name: ["user name"]

</custom_item>

Example

<custom_item>

type: USER_GROUPS_POLICY

description: "3.72 DG0005: DBMS administration OS accounts"

info: "Checking that the 'dba' account is a member of required groups only."

info: "Modify the account/groups in this audit to match your environment."

value_type: POLICY_MULTI_TEXT

value_data: "Users" && "SQL Server DBA" && "SQL Server Users"

user_name: "dba"

</custom_item>