Ever wondered how to automatically notify the user when a managed password (typically that of the Administrator account) has been accessed by an administrator in Local Security Solution? No Notification Policy for this exists by default.
Learn how to install just such a Notification Policy in this tip.
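Save the following XML and import it into your Notification Policy folder under Local Security Solution. The recipient addresses in the <to> element (%DS:User%@company.com and admin.email@company.com) are placeholders; replace them with your own mail domain and alert mailbox before enabling the policy.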
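<item guid="{08dd7ae1-476c-4315-868a-c80bd9f3db68}" classGuid="{ff0a95e4-304e-45d2-90b7-7d0267865a25}">
  <!-- Type: Altiris.NS.StandardItems.Policies.NotificationPolicy -->
  <!-- Assembly: Altiris.NS.StandardItems, Version=6.0.6074.30, Culture=neutral, PublicKeyToken=d516cb311cfb6e4f -->
  <!-- Notification policy export. On each scheduled run the query under <dataSource> selects recent
       rows from Evt_User_Account_Password_Disclosure; the "Email Primary User" subscriber under
       <itemReferences> then mails the result (eachRow="true", presumably one message per row). -->
  <name>Notify Primary User of Admin Password Disclosure</name>
  <alias />
  <productGuid>{a7d32f79-5ac0-4a9c-a980-046752703ac6}</productGuid>
  <itemAttributes>Normal</itemAttributes>
  <itemLocalizations>
    <culture name="">
      <description />
      <name>Notify Primary User of Admin Password Disclosure</name>
    </culture>
    <culture name="en">
      <description />
    </culture>
  </itemLocalizations>
  <enabled>True</enabled>
  <!-- The trigger fires every 15 minutes (Interval="15") while the query looks back 17 minutes.
       A disclosure that falls in the 2-minute overlap can be reported by two consecutive runs, and a
       run that is late or skipped by more than 2 minutes leaves disclosures unreported; nothing in
       this export records which rows were already mailed. NOTE(review): confirm the schedule runs
       reliably, or widen the look-back and accept duplicate mails. -->
  <scheduling>
    <enabled>True</enabled><schedule name="Custom Schedule"><Trigger Type="1" Duration="1440" Interval="15" KillAtEnd="0" Disabled="0" Description="Every 15 minutes from 9:00 AM for 24 hours every 1 days, starting Sunday, March 04, 2007"><BeginDate>2007-03-04 09:00:00</BeginDate><DaysInterval>1</DaysInterval></Trigger></schedule><sharedSchedule>{00000000-0000-0000-0000-000000000000}</sharedSchedule>
  </scheduling>
  <policyActionParameters />
  <!-- The month test on the primary-user table belongs in the ON clause of the LEFT OUTER JOIN.
       Placed in WHERE, it would discard every disclosure whose computer has primary-user rows only
       for other months, so no alert would be sent at all, not even to the fixed admin address.
       With the test in ON, such disclosures are still returned, with NULL in [Month] and [User].
       The result column names feed the %DS:...% tokens of the e-mail, so the [Manager User] alias
       keeps its spelling. -->
  <dataSource sourceType="Query">
    <query type="builderQuery">
      <queryBuilder>
        <directEdit />
        <userCustomized><![CDATA[SELECT Disclosure._ResourceGuid AS _UserGuid, Disclosure.UserGuid AS _DisclosedUserGuid, dbo.vComputer.Name, dbo.vComputer.[Domain], ManagedUser.Name AS [Manager User], DisclosedToUser.Name AS [Disclosed User], Disclosure.Disclosed, Disclosure.[Remote IP Address], p.[Month], p.[User]
FROM dbo.Evt_User_Account_Password_Disclosure Disclosure
INNER JOIN dbo.vResourceEx DisclosedToUser ON Disclosure.UserGuid = DisclosedToUser.Guid
INNER JOIN dbo.Inv_Global_Account_Details ON Disclosure._ResourceGuid = dbo.Inv_Global_Account_Details._ResourceGuid
INNER JOIN dbo.vComputer ON dbo.Inv_Global_Account_Details.AccountDomain = dbo.vComputer.Guid
INNER JOIN dbo.vResourceEx ManagedUser ON Disclosure._ResourceGuid = ManagedUser.Guid
LEFT OUTER JOIN dbo.Inv_AeX_AC_Primary_User p ON dbo.vComputer.Guid = p._ResourceGuid AND ( (p.[Month] = DATENAME(m, GETDATE()) ) or (isnull(p.[Month], '') = '') )
WHERE DATEDIFF(Minute, Disclosure.Disclosed, GETDATE()) <= 17 ]]></userCustomized>
      </queryBuilder>
    </query>
  </dataSource>
  <parentFolderGuid>aafe5a46-7dda-461f-b54c-0aa8e37d606f</parentFolderGuid>
  <!-- Explicit grants below go only to the reserved @APPLICATION_ID principal; inherit="True"
       presumably adds whatever the parent folder grants. NOTE(review): check who ends up holding
       Write, Delete and Policy Enable, because disabling or editing this policy silences the alert. -->
  <security owner="@APPLICATION_ID" inherit="True">
    <aces>
      <ace type="reserved" name="@APPLICATION_ID">
        <permissionGrants>
          <permissionGrant guid="{ac296df1-eb40-4592-899f-25d5c07d45f6}" name="Write" />
          <permissionGrant guid="{819dae1e-b1a5-4643-81a1-26ef95feb8a8}" name="Change Permissions" />
          <permissionGrant guid="{983a2d22-7a82-4db0-a707-52c7d6b1441e}" name="Read" />
          <permissionGrant guid="{eca6254f-5017-4730-9b3f-5add230829b7}" name="Delete" />
          <permissionGrant guid="{726b1c09-7108-450d-ae24-5f8e93135ed6}" name="Clone" />
          <permissionGrant guid="{4ddc04c3-f0a5-4e88-84aa-c44c8c5ebcc4}" name="Read Permissions" />
          <permissionGrant guid="{24feda4a-9025-401f-befd-cc9c9e99f047}" name="Policy Enable" />
        </permissionGrants>
      </ace>
    </aces>
  </security>
  <itemReferences>
    <itemReference guid="{4eafa08c-ffcb-464b-be4a-3dcecfe0e6fb}" hint="npmessagesubscriber" type="DependentChild"><item guid="{4eafa08c-ffcb-464b-be4a-3dcecfe0e6fb}" classGuid="{a0c42a97-67e9-4e30-b392-7076999dfd2d}">
      <!-- Type: Altiris.NS.StandardItems.NSMessaging.Subscribers.NPEmailMsgSubscriber -->
      <!-- Assembly: Altiris.NS.StandardItems, Version=6.0.6074.30, Culture=neutral, PublicKeyToken=d516cb311cfb6e4f -->
      <!-- E-mail action of the policy. Recipients: company.com and admin.email@company.com are
           placeholders; replace both before enabling. %DS:User% is the [User] column of the query, so
           the first address assumes the login name equals the mailbox name; when no primary user is
           known that column is NULL and presumably only the fixed admin address is deliverable.
           NOTE(review): <from> is empty in this export; presumably a server default sender applies,
           confirm. The message names the account, the computer and the source IP address, so keep
           the recipient list narrow. -->
      <name>Email Primary User</name>
      <alias />
      <productGuid>{a7d32f79-5ac0-4a9c-a980-046752703ac6}</productGuid>
      <itemAttributes>Hidden</itemAttributes>
      <itemLocalizations>
        <culture name="">
          <description />
          <emailmessage>User account who the admin password was disclosed to: %DS:Disclosed User% The name of the computer the password has administrative rights to: %DS:Name% Name of the local account the admin password was disclosed for: %DS:Manager User% Date / Time the 
password was disclosed: %DS:Disclosed% IP Address of the computer on which the user account was logged on when the admin password was disclosed: %DS:Remote IP Address% </emailmessage>
          <emailsubject>Administrator Password Disclosure Alert</emailsubject>
          <name>Email Primary User</name>
        </culture>
        <culture name="en">
          <description />
        </culture>
      </itemLocalizations>
      <!-- NOTE(review): <enabled> appears twice in this export; both elements are kept as exported. -->
      <enabled>True</enabled>
      <enabled>true</enabled>
      <noUIDelete>false</noUIDelete>
      <policyActionConfiguration><emailPolicyAction eachRow="true">
        <to><![CDATA[%DS:User%@company.com;admin.email@company.com]]></to>
        <from><![CDATA[]]></from>
        <cc><![CDATA[]]></cc>
        <subject><![CDATA[Administrator Password Disclosure Alert]]></subject>
        <message><![CDATA[User account who the admin password was disclosed to: %DS:Disclosed User% The name of the computer the password has administrative rights to: %DS:Name% Name of the local account the admin password was disclosed for: %DS:Manager User% Date / Time the password was disclosed: %DS:Disclosed% IP Address of the computer on which the user account was logged on when the admin password was disclosed: %DS:Remote IP Address% ]]></message>
      </emailPolicyAction></policyActionConfiguration>
      <parentFolderGuid>00000000-0000-0000-0000-000000000000</parentFolderGuid>
    </item></itemReference>
    <itemReference guid="{963e6e66-2be9-44e2-81cc-9fd4e034de39}" hint="npmessagefilter" type="DependentChild"><item guid="{963e6e66-2be9-44e2-81cc-9fd4e034de39}" classGuid="{bfa1aa3f-4a1d-453e-90d2-7ba2d3dec768}">
      <!-- Type: Altiris.NS.StandardItems.NSMessaging.Filters.NPMessageFilter -->
      <!-- Assembly: Altiris.NS.StandardItems, Version=6.0.6074.30, Culture=neutral, PublicKeyToken=d516cb311cfb6e4f -->
      <!-- Message filter tied to this policy: <nsMessageSource> carries the same GUID as the root
           <item>, so the two must stay in step if the policy GUID is ever changed. -->
      <name>Message Filter for Notification Policy {08dd7ae1-476c-4315-868a-c80bd9f3db68}</name>
      <alias />
      <productGuid>{08dd7ae1-476c-4315-868a-c80bd9f3db68}</productGuid>
      <itemAttributes>Hidden</itemAttributes>
      <itemLocalizations>
        <culture name="">
          <description>Filters messages that are created by (and destined 
for) a Notification Policy</description>
          <name>Message Filter for Notification Policy {08dd7ae1-476c-4315-868a-c80bd9f3db68}</name>
        </culture>
        <culture name="en">
          <description>Filters messages that are created by (and destined for) a Notification Policy</description>
        </culture>
      </itemLocalizations>
      <nsMessageSource>08dd7ae1-476c-4315-868a-c80bd9f3db68</nsMessageSource>
      <nsMessageTypeGuid>{e12a0e9e-30a0-4529-b38d-493fed8744b4}</nsMessageTypeGuid>
      <parentFolderGuid>aafe5a46-7dda-461f-b54c-0aa8e37d606f</parentFolderGuid>
    </item></itemReference>
  </itemReferences>
</item>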