What is the best practice for preventing Override Group misuse for MSPs?

An unscrupulous engineer may attempt to bypass 2FA by creating an account and assigning it to the override group, or by adding themselves to the override group. To guard against this, configure account auditing in the domain security policy, then use a free Microsoft tool such as EventCombMT to quickly query all the servers in your domain for critical events such as 660 (a user added to a security group) and 661 (a user removed from a security group).
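The same query can be scripted for a scheduled check. The PowerShell below is an added example, not Scorpion Software or Microsoft code; it uses Get-WinEvent in place of EventCombMT, and the server names and the override group name are placeholders to replace with your own.

```powershell
# Added example (not vendor code). Placeholder values: $Servers, $OverrideGroup.
param(
    [string[]]$Servers       = @('DC01', 'DC02'),       # placeholder host names
    [string]  $OverrideGroup = '2FA-Override',          # placeholder group name
    # Event IDs named in this article. Windows Server 2008 and later log the
    # same two events as 4756 and 4757; pass those with -EventIds if needed.
    [int[]]   $EventIds      = @(660, 661),
    [datetime]$Since         = (Get-Date).AddDays(-1)
)

# Server-side filter: Security log, the membership-change IDs, recent only.
$filter = @{ LogName = 'Security'; Id = $EventIds; StartTime = $Since }
$groupPattern = [regex]::Escape($OverrideGroup)

$hits = foreach ($server in $Servers) {
    try {
        Get-WinEvent -ComputerName $server -FilterHashtable $filter -ErrorAction Stop |
            # Keep only changes whose rendered message names the override group.
            Where-Object { $_.Message -match $groupPattern } |
            Select-Object @{ n = 'Server';  e = { $server } },
                          TimeCreated, Id,
                          @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } },
                          Message
    }
    catch {
        # "No events" is the normal, healthy result; skip it quietly.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { continue }
        # A server that cannot be queried is a blind spot, so surface it.
        Write-Warning "Could not query ${server}: $($_.Exception.Message)"
    }
}

if ($hits) {
    $hits | Sort-Object TimeCreated |
        Format-Table Server, TimeCreated, Id, Summary -AutoSize
    # Full message text (who made the change, which account) for review.
    $hits | Sort-Object TimeCreated | Format-List Server, TimeCreated, Id, Message
}
else {
    Write-Output "No changes to '$OverrideGroup' found since $Since."
}
```

Run it under an account that can read the Security log on each listed server, and compare every hit against an approved change request.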

Step-by-step screencast of this: http://silverstr.ufies.org/AccountAuditing/AccountAuditing.htm

Note: This screencast is not be public and Dana will create an official Scorpion Software screencast.  This article should be updated with the new screencast and then the article can be published.



If you have any questions or need some help, we would be happy to assist. Open a case at help.scorpionsoft.com or send an email to support@scorpionsoft.com.
