AD Group Membership - USB Enable/Disable

(imported topic written by wnolan91)

Could use someone's help with this one.

We have a group or two that we would like to create a policy action that will look at the AD to see if the user that is logged in is a member of a specific AD Group. If a logged on user is a member of the Group we will unlock the USB to be writable. If the user is not a member of the group we will lock down the USB to read-only.

The USB locking and that is the easy part. The part I’m looking for is to use WMI or something that will provide me a True/False if the user is a member of a specific AD Group.

Thanks

Bill

(imported comment written by SystemAdmin)

If you are looking to do this in BigFix, I don’t think you can since the Client Service runs as a Local System account. You would have to have the client run as an AD Account, and I don’t know if that is even possible.

(imported comment written by Lee Wei)

Bill,

The following Fixlet Task and Manage Property will probably be very close to what you want.

In general, the Task will run at a specified period (for example, every hour) to retrieve Active Directory membership for the logon user. This is done using a program called RunAsCurrentUser. The Task will then generate a file with the membership info.

The Manage Property is used to retrieve the information back into the console.

Please take a look to see if this might work for you.

Lee Wei
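
An added example, not the Fixlet or property referred to in the post above: a PowerShell script of the kind a run-as-current-user launcher could start in the logged-on user's session to produce the True/False membership file. The group name `EXAMPLE\USB-Writers` and the output path are hypothetical placeholders.

```powershell
# Added example. Run in the logged-on user's session, not as LocalSystem.
param(
    [string]$GroupName = 'EXAMPLE\USB-Writers',                               # hypothetical group
    [string]$OutFile   = "$env:LOCALAPPDATA\ExampleUsbPolicy\membership.txt"  # hypothetical path
)

function Test-CurrentUserInGroup {
    param([Parameter(Mandatory)][string]$Group)

    # Resolve the group name to a SID. Fail closed: if the name cannot be
    # resolved for any reason, report "not a member".
    try {
        $account = New-Object System.Security.Principal.NTAccount($Group)
        $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
    } catch {
        return $false
    }

    # IsInRole checks the SIDs in the user's access token, which already
    # contains nested (transitive) group memberships as of logon.
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole($sid)
}

$isMember = Test-CurrentUserInGroup -Group $GroupName

# One line per run: user | group | True/False | UTC timestamp.
$dir = Split-Path -Parent $OutFile
if (-not (Test-Path $dir)) {
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
}
$user = "$env:USERDOMAIN\$env:USERNAME"
$line = '{0}|{1}|{2}|{3:o}' -f $user, $GroupName, $isMember, (Get-Date).ToUniversalTime()
Set-Content -Path $OutFile -Value $line -Encoding ASCII

$isMember
```

The token reflects group membership as of logon, so a change made in AD is picked up at the user's next logon. The file is written with the user's own rights, so anything that relaxes a control based on it should verify the result from a privileged context or read it from a location the user cannot modify.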

(imported comment written by Itsara91)

thanks Lee