Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Auditing a specific account

Posted on 2003-12-12
6
414 Views
Last Modified: 2013-12-07
I have been asked to create an audit trial for an active directory user  account.

I used a specific OU and created granular GPO for full auditing applying it to that account.

However,

I would like to report activity with that account keeping the following in mind:

1. The name of that account is a subset of many others so it is hard to search for with the large quantity of events that exists in out enviorment.

2. Is there a audit reporting tool that will simplify this proccess

3. If other accounts are in need of monitoring is it a difficult proccess to maintain?

Thanks

Webaxion

0
Comment
Question by:webaxion
  • 2
  • 2
  • 2
6 Comments
 
LVL 18

Expert Comment

by:chicagoan
ID: 9928927
You either need to get a third party tool that stuffs the logs into a database you can get reports out of or take a look at
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=9989D151-5C55-4BD3-A9D2-B95A15C73E92

This utility collects Event Logs in a comma-delimited text file which allows you to import them into a database for analysis
0
 

Author Comment

by:webaxion
ID: 9930898
Is there a way to parse the information into a more usable report?

And can anyone point me into a direction of a 3rd party tool that will provide the reporting?

0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9931006
>Is there a way to parse the information into a more usable report?
If there is someone on staff familiar with databases, this should be a trivial task.
Worst case: open the file in excel and sort on desired field.

 Sawmill is popular: http://www.sawmill.net/formats/Windows_Event.html
0
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 
LVL 37

Accepted Solution

by:
bbao earned 333 total points
ID: 9934211
why dont try Crystal Reports? it is powerful and its special edition is for w2k resource kit:

Seagate Software Crystal Reports 6.0
http://www.tburke.net/info/reskittools/topics/crystal.htm

Windows NT: Monitoring Events
www.microsoft.com/technet/prodtechnol/ winntas/proddocs/concept/xcp09.asp

AFAIK, what you want can all be done well by Crystal Reports, very professional.

for more about Crystal Reports:

http://www.crystalkeen.com/articles/crystalreports/
http://www.pnltools.com/printproduct.asp?productid=34

hope it helps,
bbao
0
 

Author Comment

by:webaxion
ID: 10023516
Found an application that does this and much more.

http://www.gfi.com/lanselm/

Creates a wide variety of customized reports that are just the ticket for upper management ECT.
0
 
LVL 37

Expert Comment

by:bbao
ID: 10024453
good, webaxion, if you think your question is finished, could you please accept helpful commnets OR ask EE moderators make it as PAQ and get refund. happy new year
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question