Re: Audit trail of AD Account
- From: Jerold Schulman <Jerry@xxxxxxxxxx>
- Date: Wed, 06 Jul 2005 07:14:58 -0400
On Wed, 6 Jul 2005 16:41:29 +0800, "YMan" <yyyy@xxxxxxxx> wrote:
>Hi,
>
>Yes I have another question.
>
>When the administrator disable an account in Active Directory. Is there any
>way to set up audit trail that will show when the account is being disabled?
>For example, a staff is leaving the company and the administrator will
>disable his / her account by the time s/he leaves for good. Will there be
>any log to record the event that the administrator actually disabled that
>user's account in AD? If not within Microsoft, what will be the options?
>
>Thanks
>
>From the Help file:
Group Policy
Audit account managementComputer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy
Description
Determines whether to audit each event of account management on a computer. Examples of account management events include the following:
A user account or group is created, changed, or deleted.
A user account is renamed, disabled, or enabled.
A password is set or changed.
If you define this policy setting, you can specify whether to audit successes, audit failures, or not audit the event type at all. Success audits generate an audit entry when any account management event succeeds. Failure audits generate an
audit entry when any account management event fails. To set this value to no auditing, in the Properties dialog box for this policy setting, select the Define these policy settings check box and clear the Success and Failure check boxes.
Default: No auditing.
For more information, see:
Security Configuration Manager Tools
.
- References:
- Audit trail of AD Account
- From: YMan
- Audit trail of AD Account
- Prev by Date: Use the Additional DC when PDC is down
- Next by Date: Re: My primary DC went down on Friday and the secondary DC did not kick in?
- Previous by thread: Audit trail of AD Account
- Next by thread: Re: Audit trail of AD Account
- Index(es):
Relevant Pages
|
