Re: Domain admin users audit

From: Herb Martin (news_at_LearnQuick.com)
Date: 11/23/04


Date: Tue, 23 Nov 2004 15:38:17 -0600


"mISARO" <anonymous@discussions.microsoft.com> wrote in message
news:161501c4d19c$7b14a370$a501280a@phx.gbl...
> Hi,
>
> I need to audit or verify every change that any user with
> domain admin rights makes on the Domain Controller.

Audit Account Management is LIKELY what you wish, even
though it doesn't meet the technical requirement of auditing
"every" change by an admin.

> For instance: User Beth, she removed domain admin rights
> from another user who had them. For that reason the user had
> several problems working on a project. So the point is how
> may I know that she did it? 'Cos at the same time she has
> full rights? How to audit that, or any software to check
> and keep a log about what changes or movements all
> domain admin users make !!
>

Account Management auditing will cover (most of) the things
you care about, but if you need more control or granularity you
can also audit specific Directory or File objects after turning
on Directory or File object auditing IN GENERAL.*

*The key point about auditing "objects" is that you must both
turn on the auditing in GENERAL and also set the auditing on
the specific objects (done with properties like permissions.)

-- 
Herb Martin
> Thanks any comments !!!
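
An added example, not part of the original post: once Account Management auditing is enabled, a query like this reports who added or removed members of the admin groups. It assumes Windows Server 2008 or later event IDs and PowerShell's Get-WinEvent; the list of watched groups is an assumption to adjust.

```powershell
# Added example (not from the original thread).
# Assumes: "Audit account management" (Success) is enabled on the domain
# controllers, Windows Server 2008+ event IDs, elevated prompt on a DC.

# Member added / removed events for security-enabled groups:
#   4728/4729 = global, 4732/4733 = domain local, 4756/4757 = universal
$ids        = 4728, 4729, 4732, 4733, 4756, 4757
$removedIds = 4729, 4733, 4757

# Groups to watch (assumption: adjust to the groups that matter in your domain)
$watched = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'

Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $ids } -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten the event's <EventData> name/value pairs into a hashtable
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }

        # Keep only changes to the watched groups
        if ($watched -contains $data['TargetUserName']) {
            [pscustomobject]@{
                Time      = $_.TimeCreated
                DC        = $_.MachineName
                Action    = if ($removedIds -contains $_.Id) { 'Removed' } else { 'Added' }
                Group     = $data['TargetUserName']
                Member    = $data['MemberName']   # account whose membership changed
                ChangedBy = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
            }
        }
    } |
    Sort-Object Time |
    Format-Table -AutoSize
```

Each domain controller records only the changes made on it, so run this against every DC or collect the Security logs centrally.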

