isn't it though? none of the agents come configured with resolveguid set. all of this has to be done post installation, post agent rollout. there's no command-line tool or built-in task to simplify this process. at the request of one of the management mvps, i wrote a script to use as a mom task.
the background: by default, when security events are picked up, the sids/guids are not resolved. if you're into resolving them manually, you're set (or manic or crazy or [insert favorite word for getting institutionalized]). otherwise, using the resolveguid registry key will automatically resolve the sids/guids. microsoft published an article about it. if you want the more (frenetic) information with a canadian sense of humor, rory has blogged ad nauseam on this topic.
the foreground: i've linked to the script at the end of this blog. all you need to do is go to one of them, copy the contents into the clipboard and create a new script in mom. i used these parameters for the mom script properties:
- name: [clever, easily identifiable name]
- description: adds resolveguid registry key to mom agent
- language: vbscript
- script: [paste script here]
- parameters: none
- run location: agent-managed computer
- task type: script
- target role: mom agent
- script to run: [clever, easily identifiable name of your script above]
- parameter default values: [none]