Knowledge Base


Group Policy Management is required by the EventSentry ADMonitor Service to detect Group Policy changes and needs to be installed on the machine that is running EventSentry ADMonitor. Group Policy Management can be installed by opening an elevated PowerShell prompt and entering the following command: Install-WindowsFeature -Name GPMC Aft...

KB-ID 392
Category: ADMonitor
Applies to: 4.0

EventSentry ADMonitor utilizes the adminCount attribute that is associated with AD user accounts to determine whether a user has administrative permissions. Windows sets this attribute when a user is added to what is referred to as a protected group (see below). Unfortunately, Windows does not remove the attribute if a user is subsequently ...

KB-ID 412
Category: ADMonitor
Applies to: 4.0 or newer

EventSentry ADMonitor uses the 'adminCount' attribute to determine whether a user is an administrator. However, since this attribute is not reset by Windows after a user is removed from an administrative protected group, this can sometimes lead to inaccurate reports. You can read more about the 'adminCount' attribute in KB article ...

KB-ID 417
Category: ADMonitor

For additional security, you can restrict the EventSentryADMonitor account so that it can only be used on the EventSentry server and domain controllers, and also block it from performing any sensitive functions (RDP, console, service, batch job, etc.) on domain controllers. In Active Directory select the EventSentryADMonitor acco...

KB-ID 444
Category: ADMonitor
Applies to: 4.0 and newer