I am trying to setup a policy today for a customer that identifies everywhere that the corporate\domain users group is being used on governed data. Using the below yields 0 objects even though we know there are several folders
And shares where this group is acled. Any thoughts on what I should modify to make this policy work? thanks for your help
(DisplayValue like N'%corporate\Domain users%')
AND ( EXISTS
(
SELECT 1 FROM
(SELECT UID_QAMTrustee FROM QAMSecurityEntry WHERE EXISTS
(
SELECT 1 FROM
(SELECT UID_QAMPolicyRightSet FROM QAMPolicyRightSet WHERE Ident_QAMPolicyRightSet like N'%AllowRead%') as X
WHERE X.UID_QAMPolicyRightSet = QAMSecurityEntry.UID_QAMPolicyRightSet
) ) as X
WHERE X.UID_QAMTrustee = QAMTrustee.UID_QAMTrustee
) )