Re: Active Directory Security Auditing, any suggestions?

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/28/05


Date: Thu, 28 Apr 2005 16:48:26 -0500

I don't know of such a tool offhand but you can use Group Policy Restricted
Groups to enforce group memberships and also enable auditing of account
management in Domain Controller Security Policy to monitor for changes to
users and groups. User rights and security policy can also be managed and
enforced via Group Policy. You can create baseline security templates to
enforce such and you also can use the baseline security template to use the
Security Configuration and Analysis mmc snapin to do an analysis of a
computer to compare the baseline security template to the actual effective
security policy on the computer to check for changes that an admin may have
done. You can also use secedit to script such an analysis. If you have an XP
Pro administrative workstation in the domain you can install adminpak for
Windows 2003 [free download from MS] and use the AD command line tools such
as dsquery and dsget to enumerate groups including nested groups. There also
is a tool called Hyena that you may want to check out which has a free trial
period from Somarsoft and their dumpsec tool is free and handy. The links
below have more details. --- Steve

http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/seconfig.mspx
http://www.microsoft.com/windowsxp/home/using/productdoc/en/default.asp?url=/windowsxp/home/using/productdoc/en/DS_command_line_tools.asp
http://www.somarsoft.com/somarsoft_main.htm

"bigdoubleya" <bigdoubleya@discussions.microsoft.com> wrote in message
news:82DD8A26-3CB3-4BC0-8863-59FD19179747@microsoft.com...
> Hi all,
>
> I'm looking for a tool that can be used by the security team to baseline
> and report on any modifications made to Active Directory.
>
> This would include changes in group membership (especially the obvious
> domain and schema admins) changes in user rights etc.
>
> I had a feeling that MOM could do this but on slightly closer inspection
> it only appears to be interested in AD health.
>
> So anyone got any suggestions as to what to evaluate and what not to touch
> with a bargepole?
>
> Cheers
>
>
> Mark
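
Added example, not part of the original thread: a batch script that combines the two scripted checks mentioned in the reply, snapshotting privileged group membership with dsquery/dsget (nested groups expanded) and comparing it to a saved baseline, then running a secedit analysis against a baseline template. It assumes a domain-joined administrative workstation with the AD command-line tools installed; the directory C:\ADAudit and the template name baseline.inf are placeholder names.

```batch
@echo off
rem Added example: detect changes to privileged AD groups and local security policy.
rem C:\ADAudit and baseline.inf are placeholder names (assumptions, not from the thread).
setlocal
set AUDITDIR=C:\ADAudit
if not exist "%AUDITDIR%" mkdir "%AUDITDIR%"

rem 1. Snapshot each privileged group and compare it with its saved baseline.
for %%G in ("Domain Admins" "Enterprise Admins" "Schema Admins") do call :snapshot %%G

rem 2. Compare this computer's effective security policy with the baseline template.
secedit /analyze /db "%AUDITDIR%\audit.sdb" /cfg "%AUDITDIR%\baseline.inf" /log "%AUDITDIR%\analysis.log" /quiet

rem Settings that differ from the template are expected to be logged as "Mismatch";
rem review the full log if this filter prints nothing.
findstr /i /c:"Mismatch" "%AUDITDIR%\analysis.log"
goto :eof

:snapshot
rem %~1 is the group name with the surrounding quotes removed.
set GROUP=%~1
set CUR=%AUDITDIR%\%GROUP%.current.txt
set BASE=%AUDITDIR%\%GROUP%.baseline.txt

rem -expand lists members of nested groups too; sort gives fc a stable order.
dsquery group -name "%GROUP%" | dsget group -members -expand | sort > "%CUR%"

rem First run: keep the snapshot as the baseline and stop.
if not exist "%BASE%" (
    copy "%CUR%" "%BASE%" >nul
    echo [%GROUP%] baseline created
    goto :eof
)

rem fc sets errorlevel 1 when the files differ.
fc "%BASE%" "%CUR%" >nul
if errorlevel 1 (
    echo [%GROUP%] MEMBERSHIP CHANGED
    fc "%BASE%" "%CUR%"
) else (
    echo [%GROUP%] no change
)
goto :eof
```

Keep the baseline files and the template where only the security team can write to them, since anyone who can edit the baseline can hide a change.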


