June 26, 2014 at 7:32 am
I am using PBM to check if our 'sa' account on numerous servers is disabled and renamed.
Obviously I do not want the policy to check every login on the server, so I want to create a new condition so that the policy only evaluates against the 'sa' login.
As the 'sa' login has been renamed I cannot set the new condition up to check the 'Login' facet for the 'Name' field as the name of the login is no longer 'sa' on a number of our servers.
When I checked the list of fields available in the 'Login' facet I noticed that their is a 'Sid' field.
I thought this would solve my problem, as I know that 'sa' has a SID of 0x01.
However, when I try to use this field, the 'OK' button in the GUI remains grey, and it will not allow me to save my condition.
Does anyone know how to use the 'Sid' field in the 'Login' facet in PBM?
June 30, 2014 at 3:43 am
Has anyone had any experience with PBM that might be able to advise on this one?
December 11, 2015 at 4:57 am
I am having this same problem, I will keep looking into this but in the meantime if anyone has any ideas.
If I just enter the sid as 0x01 I get the error:
Error parsing '0x01'. Make sure string constants are enclosed in single quotes and facet properties are prefixed with '@' sign.
And if I wrap the sid in quotes I get:
Type Array cannot be compared to String.
December 11, 2015 at 5:53 am
Ok, so not very elegant but I do have a work around to this.
First of all I created a condition called (in my case) "SA Login" in the Login Facet with the following expression:
@Name = <your new sa name> OR @Name = 'sa'
Then a second condition called "SA Renamed" (I know not very exciting), again in the Login Facet as;
@Name = <your new sa name> AND @Name != 'sa' --Please not the difference here
Finally the policy "Rename the 'sa; Login Account" has the check condition of "SA Renamed" and is filtered against the targets "SA Login"
As I say, this may not be the most elegant way of doing things but until I work out the @sid error this at least works for me.
Oh, yeah, as a footnote, with regard to the SA disabled I have a condition on the Login Facet as @IsDisabled = True, my policy then evaluates against that condition again filtering on the "SA Login" condition created previously. I am sure you could create one policy that checked both conditions (disabled and renamed) but I like the granularity of this.
December 14, 2015 at 7:36 am
For Information, I did manage to get this working.
In the 'conditions' I created a target called 'Only SA Login'.
This condition uses a facet of 'Login' and, using the standard pull-downs in the expression field has the following expression:
@ID = 1
Note: it is 1 NOT 0x01 as expected.
In the Policy amend the 'Against targets' field to show the condition created above.
It appears to be working as designed.
Hope this helps
December 15, 2015 at 3:48 am
That works nicely
December 15, 2015 at 7:18 am
I should have put the solution up some months ago but forgot - sorry!
Viewing 7 posts - 1 through 6 (of 6 total)
You must be logged in to reply to this topic. Login to reply