Re: Account management events audit !!

From: fex (anonymous_at_discussions.microsoft.com)
Date: 11/30/04

Next message: Ryan Hanisco: "Re: All AD User Accounts Locked"
Previous message: Ryan Hanisco: "Re: Add attribute to Active Directory"
In reply to: Paul Bergson: "Re: Account management events audit !!"
Messages sorted by: [ date ] [ thread ]

Date: Mon, 29 Nov 2004 18:00:00 -0800

I applied the audit to default domain policy -I created
users, deleted users moved rights and after all those
changes i can't see any event id (624-625-630)

Thanks any comment !!

>-----Original Message-----
>You probably have no users in the Default Domain
Controllers OU (Only domain
>controllers). Put the auditing on an OU that contains
users -or- put the
>auditing on the default domain policy. That should take
care of the
>problem.
>
>--
>
>Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>
>
>
>"fex" <anonymous@discussions.microsoft.com> wrote in
message
>news:0dcc01c4d5a6$4888f880$a501280a@phx.gbl...
>>
>> Hello,
>>
>> I've been auditing multiple events (System Events ,
>> Policy Changes , Logon Events , but specially all events
>> referents to Account management events like (User
Account
>> create, User Account Deleted , etc ) However , I applied
>> the auditing to the default group everyone on Defaul
>> Domain Controller Policy , to check specially all
changes
>> made by users with domain admin rights. But at this
moment
>> they are changing users -passwords - deleting users
and -
>> I don't receive any event id; for instance (ID:624-627-
630)
>> at the moment they applied any change on the DC.
>>
>> I would like to know what is my misconfiguration or I
need
>> more configuartion or the default group it is not
applied
>> right way ?
>>
>> I will thanks any comment !!!
>
>
>.
>

Next message: Ryan Hanisco: "Re: All AD User Accounts Locked"
Previous message: Ryan Hanisco: "Re: Add attribute to Active Directory"
In reply to: Paul Bergson: "Re: Account management events audit !!"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Account management events audit !!
... This posting is provided "AS IS" with no warranties, and confers no rights. ... >>controllers). ... >>auditing on the default domain policy. ...
(microsoft.public.win2000.active_directory)
Re: BITS 2.0 Install Fails - Permission problem
... the proper users have these rights as well as the ones that Narayana listed. ... > perform system restore citing insufficient security privleges. ... >> It sounds as though a domain policy is set that trumps your local policy. ... >> don't think that even a domain admin can override it by editing the local ...
(microsoft.public.windowsupdate)
Re: Running services under AD users
... the default domain policy processing. ... MVP - Directory Services ... This posting is provided "AS IS" with no warranties, and confers no rights. ... allow certain Windows Services to run as certain Active Directory ...
(microsoft.public.windows.server.active_directory)
Re: Track when users login
... You should enable account logon audit in the default domain policy ... > logs onto the console of a DC by setting up auditing of Active Directory ...
(microsoft.public.win2000.security)
Re: Windows 2003 Power Cfg Permission
... Enabling the auditing of privilege use gave me the info. ... required in order to change Power Options. ... After re-adding the rights to ...
(microsoft.public.windows.server.security)