system
November 10, 2010, 11:11pm
1
(imported topic written by flayofish91)
Is it possible to set a relevance exclusion on a machine name based on it’s membership to security groups in AD?
I’m looking to set a relevance exclusion based on the following:
machinename is not a member of security group A or security group B in Active Directory.
-thanks
Noah
November 11, 2010, 3:42am
2
(imported comment written by NoahSalzman)
Any of these posts help? In reference to some of the examples in those posts, you are probably looking for “not exists” rather than “exists”.
http://forum.bigfix.com/viewtopic.php?id=1905
http://forum.bigfix.com/viewtopic.php?id=3181
http://forum.bigfix.com/viewtopic.php?id=3747
Also, every time AD is mentioned we always give the warning: be careful asking 1000s of endpoints questions (via Relevance) about AD security permissions as you can easily DoS your AD server.
system
November 12, 2010, 10:50pm
3
(imported comment written by flayofish91)
Thanks for the info, Noah.
Is there a way to query the local machine instead, like gpresult to get the info, or wmi against AD the best way to go?