Re: Suspicious User in AD

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 03/17/05


Date: Wed, 16 Mar 2005 20:35:45 -0600

Roger described how to audit for an individual user for AD object access but
you may also want to enable auditing of account management and policy change
in Domain Controller Security Policy. That cannot be done by user, but
would still be well worthwhile if not already being done. Then events will
be recorded when someone manages a user/computer/group [reset
password/change group membership/add user or computer], changes a user
right, or changes audit policy. --- Steve

"jack tinker" <jt@tex.com> wrote in message
news:422f1172$0$88239$892e0abb@auth.newsreader.octanews.com...
> Hi,
>
> I think a user may be making changes to Active Directory.
>
> I don't want to audit everyone, just this one particular user. Is there
> any way I can audit which objects in AD this specific user has been
> accessing or making changes to?
>
>
>
> Regards,
> JT
>
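
Added example, not part of the original thread: the two audit categories mentioned in the reply cannot be scoped to one user, but the events they produce can be filtered by the acting account afterwards. This sketch does so over Security-log events exported as XML under a single root element; the event IDs are those used by Windows Server 2008 and later (the post lists none), and the account names and sample records are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Assumption: event IDs as logged by Windows Server 2008 and later for the
# account management and policy change categories; the post lists no IDs.
WATCHED = {
    4720: "user account created",
    4724: "password reset attempted",
    4728: "member added to global security group",
    4704: "user right assigned",
    4719: "audit policy changed",
}

def actions_by(actor, events_xml):
    """Return (time, id, description, target) for watched events caused by actor."""
    hits = []
    for ev in ET.fromstring(events_xml).findall("e:Event", NS):
        event_id = int(ev.findtext("e:System/e:EventID", namespaces=NS))
        if event_id not in WATCHED:
            continue
        data = {d.get("Name"): d.text or ""
                for d in ev.findall("e:EventData/e:Data", NS)}
        # SubjectUserName is the account that performed the change.
        if data.get("SubjectUserName", "").lower() != actor.lower():
            continue
        when = ev.find("e:System/e:TimeCreated", NS).get("SystemTime")
        hits.append((when, event_id, WATCHED[event_id],
                     data.get("TargetUserName", "")))
    return hits

def _event(event_id, when, subject, target):
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'<TimeCreated SystemTime="{when}"/></System><EventData>'
            f'<Data Name="SubjectUserName">{subject}</Data>'
            f'<Data Name="TargetUserName">{target}</Data></EventData></Event>')

# Constructed sample export: hypothetical accounts, not data from the thread.
SAMPLE = "<Events>" + "".join([
    _event(4724, "2024-01-10T14:02:11Z", "jdoe", "asmith"),
    _event(4720, "2024-01-10T14:05:40Z", "admin2", "newuser"),
    _event(4728, "2024-01-10T14:09:03Z", "JDOE", "Domain Admins"),
    _event(4624, "2024-01-10T14:10:00Z", "jdoe", "jdoe"),
    _event(4719, "2024-01-10T14:12:27Z", "jdoe", ""),
]) + "</Events>"

if __name__ == "__main__":
    for hit in actions_by("jdoe", SAMPLE):
        print(*hit, sep="  ")
```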