Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 427
  • Last Modified:

Auditing a specific account

I have been asked to create an audit trial for an active directory user  account.

I used a specific OU and created granular GPO for full auditing applying it to that account.

However,

I would like to report activity with that account keeping the following in mind:

1. The name of that account is a subset of many others so it is hard to search for with the large quantity of events that exists in out enviorment.

2. Is there a audit reporting tool that will simplify this proccess

3. If other accounts are in need of monitoring is it a difficult proccess to maintain?

Thanks

Webaxion

0
webaxion
Asked:
webaxion
  • 2
  • 2
  • 2
1 Solution
 
chicagoanCommented:
You either need to get a third party tool that stuffs the logs into a database you can get reports out of or take a look at
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=9989D151-5C55-4BD3-A9D2-B95A15C73E92

This utility collects Event Logs in a comma-delimited text file which allows you to import them into a database for analysis
0
 
webaxionAuthor Commented:
Is there a way to parse the information into a more usable report?

And can anyone point me into a direction of a 3rd party tool that will provide the reporting?

0
 
chicagoanCommented:
>Is there a way to parse the information into a more usable report?
If there is someone on staff familiar with databases, this should be a trivial task.
Worst case: open the file in excel and sort on desired field.

 Sawmill is popular: http://www.sawmill.net/formats/Windows_Event.html
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
bbaoIT ConsultantCommented:
why dont try Crystal Reports? it is powerful and its special edition is for w2k resource kit:

Seagate Software Crystal Reports 6.0
http://www.tburke.net/info/reskittools/topics/crystal.htm

Windows NT: Monitoring Events
www.microsoft.com/technet/prodtechnol/ winntas/proddocs/concept/xcp09.asp

AFAIK, what you want can all be done well by Crystal Reports, very professional.

for more about Crystal Reports:

http://www.crystalkeen.com/articles/crystalreports/
http://www.pnltools.com/printproduct.asp?productid=34

hope it helps,
bbao
0
 
webaxionAuthor Commented:
Found an application that does this and much more.

http://www.gfi.com/lanselm/

Creates a wide variety of customized reports that are just the ticket for upper management ECT.
0
 
bbaoIT ConsultantCommented:
good, webaxion, if you think your question is finished, could you please accept helpful commnets OR ask EE moderators make it as PAQ and get refund. happy new year
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

  • 2
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now