Re: DNS entry deletion tracking
- From: "Herb Martin" <news@xxxxxxxxxxxxxx>
- Date: Fri, 5 Jan 2007 14:00:24 -0500
"Brendon B" <BrendonB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:51F45B04-C561-47AF-BF80-6FC8C86BF275@xxxxxxxxxxxxxxxx
Hi Martin
That may be the case
We have the following auditing in place on our Domain controllers:
Audit account logon events No auditing
Audit account management Success, Failure
Audit directory service access No auditing
IF this auditing were enabled you
COULD enable auditing on AD objects you wish to monitor
and get the audit records in the security log ( it can get big
and out of control rapidly however.)
Audit logon events Success, Failure
Audit object access Success, Failure
Audit policy change Success
Audit privilege use Success
Audit process tracking Success
Audit system events Success, Failure
Would this deletion have been covered in one of the categories above?
No. And even if you had enabled (success) for the directory
service object access then you would still have needed to enable
the auditing ACLs (like NTFS permissions) on the actual objects
you wished to monitor.
If so, what event would I have to look for?
Security event log, object access entries for (primarily) success.
.
- References:
- Re: DNS entry deletion tracking
- From: Herb Martin
- Re: DNS entry deletion tracking
- Prev by Date: Re: multiple dns zone advice
- Next by Date: Re: Reverse DNS
- Previous by thread: Re: DNS entry deletion tracking
- Next by thread: Re: DNS Installation and configuration
- Index(es):
Relevant Pages
|
Loading
