Re: Audit Admnistrators
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 11 Apr 2006 20:11:01 -0500
You can enable auditing for various categories on domain controllers via
Domain Controller Security Policy such as for account management, object
access, and directory services [for AD objects]. However you need to be
selective in auditing what you think is important or you will need a couple
more people to review all the tens of thousands of entries in the security
logs of domain controllers. The free Event Comb from Microsoft can help in
parsing the logs for events you want to track and text strings such as user
names. To track changes to DNS and DHCP you would probably need to audit the
registry keys used by those services. The link below is to a white paper
from Microsoft that may be helpful. --- Steve
http://www.microsoft.com/technet/security/topics/auditingandmonitoring/securitymonitoring/default.mspx -
-- The Security Monitoring and Attack Detection Planning Guide
"Erasmo" <Erasmo@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:45C7C85A-54F9-4F53-824E-DB3A5346D0F9@xxxxxxxxxxxxxxxx
I'm trying to determine the best way to have my Domain Admins
administrators
to audit each other, what I mean I want to keep track when eithe one of
them
make a change in anything in AD such as DNS, DHCP, AD, etc. What is the
best
method to centralized and keep track of administrators activities.
.
- Prev by Date: Re: someone has direct access to my hard drive ,how to remove it?
- Next by Date: Re: changing the ecret answer to your question
- Previous by thread: Re: someone has direct access to my hard drive ,how to remove it?
- Next by thread: Re: Audit Admnistrators
- Index(es):
Relevant Pages
|
