Hi,
I'm fairly new to LEM, loving it so far! Since I had set it up, the following alert "group changed "builtin\administrators" security enabled local group at" has been triggering every 15 - 20 minutes. The Event name in the Console is "ChangeGroupAttribute". This I suspect is a GPO we have that adds a couple service accounts to the local admins group on the member server. What I would like to do is change the Rule to exclude Source Accounts with "$" in them rather that disable the rule all together. However I don't know which rule is triggering the alert Any ideas?
-Chad