Re: Domain admin users audit

From: fex (anonymous_at_discussions.microsoft.com)
Date: 11/30/04 

Date: Mon, 29 Nov 2004 20:30:06 -0800

I've been checking the configuration ; this is the point:
I don't receive any account management Event on Domain
Controllers however i received all logon events , at the
other hand i receive inmediatly any account management
change that i do on any server (Local Security Policy)
works very well, What could be the reason that account
management events doesn't apply on the DC's.!!

Thanks any comments !!!

>-----Original Message-----
>"mISARO" <anonymous@discussions.microsoft.com> wrote in
message
>news:161501c4d19c$7b14a370$a501280a@phx.gbl...
>> Hi,
>>
>> I need to audit or verify every change that any user
with
>> domain admin rights do in the Domain Controller.
>
>Audit Account Management is LIKELY what you wish, even
>though it doesn't meet the technical requirement of
auditing
>"every" change by an admin.
>
>> For instance: User Beth, she removed domain admin rights
>> to another user who had them. For that reason the user
had
>> several problems working on a project. So the point is
how
>> may I know that she did it ? 'Cos at the same time she
has
>> full rights? How to audit that , or any software to
check
>> and keep a log about what changes or movements do all
>> domain admins users !!
>>
>
>Account Management auditing will cover (most of) the
things
>you care about, but if you need most control or
granularity you
>can also audit specific Directory or File objects after
turning
>on Direct or File object auditing IN GENERAL.*
>
>*The key point about auditing "objects", is that you must
both
>turn on the auditing in GENERAL and also set the auditing
on
>the specific objects (done with properties like
permissions.)
>
>
>--
>Herb Martin
>
>
>> Thanks any comments !!!
>
>
>.
>

Relevant Pages

  • Re: Auditing Account management events
    ... account management in the security policy on both domain ... Simply enable auditing of "account ... >domain controllers to find the related events. ...
    (microsoft.public.win2000.group_policy)
  • Re: Adding Computers to the Domain
    ... You would already have had to have auditing of account management in place to find ... --- Steve ... >> In the Domain Controller Security Policy enable auditing on account ...
    (microsoft.public.win2000.security)
  • Re: Logging OU movement
    ... The answer to the original question is to use Auditing, ... Account Management is an easy to get things ... Set Auditing (ACLs) on the actually objects you wish to track using ...
    (microsoft.public.windows.server.active_directory)
  • Re: domain administrator account password reset
    ... If auditing is enabled (Account Management), it will show you that the ... administrator password has been changed. ... any questions should be posted in the NewsGroup ...
    (microsoft.public.win2000.active_directory)
  • Re: Info Date Account Windows 2000 Server
    ... profile folder as a general clue. ... Otherwise auditing of account management ... account management has been enabled an event will be recorded when a user ...
    (microsoft.public.windows.server.security)