[PATCH] s4 group_audit: Add Windows Event Id's to Group membership changes
Gary Lockyer
gary at catalyst.net.nz
Thu Dec 20 20:07:25 UTC 2018
* Generate a GroupChange event when a user is created with a
PrimaryGroup membership. A "PrimaryGroup" message is still generated,
but adding a "GroupChange" on the user add ensures that all group
membership changes are logged consistently.
* Log the windows event id in the JSON GroupChange message.
Event Id's supported are:
4728 A member was added to a security enabled global group
4729 A member was removed from a security enabled global
group
4732 A member was added to a security enabled local group
4733 A member was removed from a security enabled local group
4746 A member was added to a security disabled local group
4747 A member was removed from a security disabled local group
4751 A member was added to a security disabled global group
4752 A member was removed from a security disabled global
group
4756 A member was added to a security enabled universal
group
4757 A member was removed from a security enabled universal
group
4761 A member was added to a security disabled universal
group
4762 A member was removed from a security disabled universal
group
Review appreciated
Ngā mihi
Gary
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 180.patch
Type: text/x-patch
Size: 62507 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20181221/5e2a221b/180.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20181221/5e2a221b/signature.sig>
More information about the samba-technical
mailing list