Hi,
Performing IDR tuning and noticed that when performing Privilege Escalation for local groups (Print Operators, Backup Operators, Built-in Administrators) we are not receiving alerts. Is this expected behavior?
Thanks
@heath_higgins we have an alert named Account Privilege Escalated, have you verified that this is set to Alert?
David
@david_smith - yes, it is enabled and works when escalating against privileged domain groups. It does not work on local privileged groups.