Guest user is not part of Domain Users group

EvotecIT / Testimo

Testimo is a PowerShell module for running health checks for Active Directory against a bunch of different tests

MIT License

526 stars 58 forks source link

Guest user is not part of Domain Users group #88

Closed itpro-tips closed 4 years ago

itpro-tips commented 4 years ago

The 'Primary Group shouldn't be changed from default Domain Users' test always fails.

The reason is guest user has, by default, PrimaryGroupID=514 (GROUP_RID_GUEST) and not 513. Maybe you had a good reason to not excluded the guest user of this test ?

If not, exclusion can be made with SID to be independant of AD language S-1-5-21-501

PrzemyslawKlys commented 4 years ago

I fixed this yesterday

https://github.com/EvotecIT/Testimo/blob/2790438f30ab91bcc0fb3d453cc5d47a4597bb6e/Private/SourcesDomain/SecurityUsers.ps1#L25

It wasn't committed as I started adding support for different forests. It should be either Domain Users or Domain Guests (I guess only for 1 account).

PrzemyslawKlys commented 4 years ago

But maybe it's just better to exclude guest user and not whole Group SID.