Re: AD access

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: "Manny Borges" <manny_borges@xxxxxxxxxxx>
Date: Sat, 6 Aug 2005 14:19:39 -0400

AHHH I just re-read your post and see what you are really asking. You want
this access to do your job.

In my experience an IT auditor does not do this kind of work. With all due
respect, there is too much risk in having someone unfamiliar with a system
traipsing around in it. And its a huge waste of time.

An IT auditor is assessing risk and creating or evaluating controls. Your
time is too valuable to be tracking stuff down. The information or system
owner has the responsibility of generating access reports. If they can't
then you give them a huge red flag until they can generate system access
reports.

As I am sure you know, after you go over the rough data and look for obvious
issues, you take a sample and make one of the information or system owners
sit down (or net meeting) and you test the validity. Or run any other type
of controlls needed validate tha sample population.

I know thats a pretty high level pass over on IT audit plans, (I know I left
at least three major stages and aspects) but I am sure that you are already
familiar with the steps involved in organizing and conducting an audit.

--
Manny Borges
MCSE NT4-2003 (+ Security)
MCT, Certified Cheese Master

The pen is mightier than the sword, and considerably easier to write with.
-- Marty Feldman
"WWII" <wweldin@xxxxxxxxxxx> wrote in message
news:cKOdnclS-_IsCW7fRVn-rg@xxxxxxxxxxxxxx
> Is it possible to set up a group at the very highest level of Active
> Directory that allows READ access to all servers, domains, etc.? I'm part
> of an internal audit organization and we need access to all servers,
> domains, etc. in order to perform our IT audits.
>

.

References:
- AD access
  - From: WWII

Prev by Date: Re: re-acling network resources after migration to 2000 active directory
Next by Date: Re: Hibernating Locks Account
Previous by thread: Re: AD access
Next by thread: How to register DNS server as primary authoritative
Index(es):
- Date
- Thread

Relevant Pages

Re: HELP - File Auditing
... > We have performed all of the below on many servers with no results... ... Auditing must be enabled on ... > individual objects for audit events to be logged. ... >>audit policy setting take effect only when the policy ...
(microsoft.public.win2000.security)
Re: HELP - File Auditing
... We have performed all of the below on many servers with no results... ... Enabling either success or failure event auditing does ... individual objects for audit events to be logged. ... >audit policy setting take effect only when the policy ...
(microsoft.public.win2000.security)
AUDITOR attribute
... The RACF AUDITOR attribute is more than a READONLY ability. ... holding the AUDITOR attribute at system level can change any AUDIT ... For IBM-MAIN subscribe / signoff / archive access instructions, ...
(bit.listserv.ibm-main)
Re: Authorized Rexx Assembler Function
... worthless cookbook. ... They fail to have what I feel to be the primary qualification to be an auditor - The ability to do the job that they are supposed to audit. ...
(bit.listserv.ibm-main)
Re: PAM & RSA (SuSE Linux+OpenSSH)
... It is necessary the use of audit program on the servers. ... If you just want to audit access then you can use the PAM account or ... Good judgement comes with experience. ...
(SSH)