Unknown User Profiles Detection

Summary

The internal monitor identifies machines that have unknown user profiles. The data is collected by the User Profile - Get Information script.

Note: The internal monitor does not depend on the Domain Trust Relationship Check remote monitor. However, it will not detect the machines identified by the Domain Trust Relationship Check remote monitor to prevent identifying machines that have a broken trust relationship with the domain. Since the User Profile - Get Information script cannot properly retrieve accounts for these machines, it will add '(Inferred)' to the remote user names.

Dependencies

• EPM - Accounts - Script - User Profile - Get Information
• EPM - Accounts - Custom Table - plugin_proval_userprofiles
• CWM - Automate - Script - Ticket Creation - Computer

Target

Global

Alert Template

△ Custom - Ticket Creation - Computer

Ticketing

Subject: Unknown User Profiles Detected on %ComputerName%

Body:

%FIELDNAME% unknown user profiles detected on %ComputerName%  
Details:  
%RESULT%

%FIELDNAME%: Number of unknown profiles

%RESULT%: Information of unknown profiles.

Example %RESULT%:

Username: user1 (Inferred)
UserProfile: C:/Users/user1
ProfileSizeMB: 8090
UserSid: S-1-5-21-1327865892-1327865892-1327865892-12106

Username: user2 (Inferred)
UserProfile: C:/Users/user2
ProfileSizeMB: 1237
UserSid: S-1-5-21-1327865892-1327865892-1327865892-1758