You are here: Compliance Check Types > Windows Configuration > Custom Items > USER_GROUPS_POLICY

USER_GROUPS_POLICY

This policy item checks that a Windows user belongs to the groups specified in value_data. When using this audit, you can only test domain users against a domain controller. This check is not applicable to built-in users like “Local Service”.

Usage

<custom_item>

type: USER_GROUPS_POLICY

description: ["description"]

value_type: [value type]

value_data: [value]

(optional) check_type: [value]

user_name: ["user name"]

</custom_item>

Example

<custom_item>

type: USER_GROUPS_POLICY

description: "3.72 DG0005: DBMS administration OS accounts"

info: "Checking that the 'dba' account is a member of required groups only."

info: "Modify the account/groups in this audit to match your environment."

value_type: POLICY_MULTI_TEXT

value_data: "Users" && "SQL Server DBA" && "SQL Server Users"

user_name: "dba"

</custom_item>

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.