Re: Adding Computers to the Domain

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 03/12/04


Date: Thu, 11 Mar 2004 23:35:50 GMT

You would already have had to have auditing of account management in place to find
out who added a computer to the domain. However, if you go to the computer object in
AD and look in properties/object you will at least know when it was created, which may
be a helpful clue. --- Steve

"Alex Anderson" <AAnderson@Murrieta.org> wrote in message
news:OPOLSC8BEHA.916@tk2msftngp13.phx.gbl...
> Steve,
>
> So, if the adding of a workstation already happened, by following your
> instructions can I still find out who?
>
> Thank you
> Alex Anderson
>
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:Bu64c.7086$zS4.58482@attbi_s51...
> > In the Domain Controller Security Policy enable auditing on account management and
> > then review your security logs in Event Viewer on the domain controllers for Event ID
> > 645. You can download Event Comb from Microsoft to scan multiple logs for specific
> > events. Keep in mind that by default a regular user can add up to ten workstations to
> > the domain. You can change that by removing authenticated users from the user
> > right -add workstations to the domain in Domain Controller Security Policy. ---
> > Steve
> >
> >
> >
> > "Alex Anderson" <AAnderson@Murrieta.org> wrote in message
> > news:e02gCI7BEHA.3748@TK2MSFTNGP11.phx.gbl...
> > > Hello Everyone,
> > >
> > > How do you put up an audit trail within Windows 2000 server to see who
> > > added a computer to the domain? I have a workstation object and I want to
> > > find out who added it to the domain by supplying a user and password. Can this
> > > be done?
> > >
> > > Thank you
> > > Alex Anderson
> > >
> > >
> >
> >
>
>
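Added example, not part of the original thread: once account management auditing is on, the Event ID 645 records mentioned above can be summarized per caller to see who created which computer accounts. The pipe-delimited export layout, the sample records and the function names are constructed for illustration; the description field labels are assumed to follow the Windows 2000 "Computer Account Created" event text.

```python
import re
from collections import defaultdict

# Constructed sample export: "timestamp|event id|description" (layout is an assumption).
SAMPLE_EXPORT = """\
2004-03-10 09:14:02|645|Computer Account Created: New Account Name: WS-LAB01$ New Domain: EXAMPLE New Account ID: %{S-1-5-21-0-0-0-1105} Caller User Name: jdoe Caller Domain: EXAMPLE Caller Logon ID: (0x0,0x3E7A1) Privileges -
2004-03-10 09:20:45|624|User Account Created: New Account Name: temp1 New Domain: EXAMPLE New Account ID: %{S-1-5-21-0-0-0-1106} Caller User Name: admin1 Caller Domain: EXAMPLE Caller Logon ID: (0x0,0x41B22) Privileges -
2004-03-11 14:02:10|645|Computer Account Created: New Account Name: WS-LAB02$ New Domain: EXAMPLE New Account ID: %{S-1-5-21-0-0-0-1107} Caller User Name: jdoe Caller Domain: EXAMPLE Caller Logon ID: (0x0,0x52C10) Privileges -
2004-03-11 16:47:33|645|Computer Account Created: New Account Name: WS-FRONT07$ New Domain: EXAMPLE New Account ID: %{S-1-5-21-0-0-0-1108} Caller User Name: admin1 Caller Domain: EXAMPLE Caller Logon ID: (0x0,0x60F44) Privileges -
2004-03-11 17:00:00|645|Computer Account Created: (description truncated)
"""

# Pull the new computer name and the account that performed the join.
FIELDS = re.compile(
    r"New Account Name:\s*(?P<computer>\S+).*?"
    r"Caller User Name:\s*(?P<user>\S+)\s+Caller Domain:\s*(?P<domain>\S+)"
)


def parse_computer_creations(export_text):
    """Return one record per well-formed Event ID 645 line."""
    records = []
    for line in export_text.splitlines():
        parts = line.split("|", 2)
        if len(parts) != 3 or parts[1].strip() != "645":
            continue  # other account management events, or a malformed line
        match = FIELDS.search(parts[2])
        if match is None:
            continue  # description incomplete; nothing reliable to report
        caller = match["domain"] + "\\" + match["user"]
        records.append({"when": parts[0], "computer": match["computer"], "caller": caller})
    return records


def computers_by_caller(records):
    """Group created computer accounts by the user who created them."""
    grouped = defaultdict(list)
    for record in records:
        grouped[record["caller"]].append(record["computer"])
    return dict(grouped)


if __name__ == "__main__":
    for caller, computers in computers_by_caller(parse_computer_creations(SAMPLE_EXPORT)).items():
        print(f"{caller}: {len(computers)} computer account(s): {', '.join(computers)}")
```
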


