What is the best way to audit the activities of a specific user?

Posted on 2004-11-18
Medium Priority
Last Modified: 2010-04-14
Hello Experts!

I am going away on vacation for Thanksgiving and for three days I am bestowing the Domain Admin privilege to one of my users "just in case" they need to troubleshoot something.

How can I track everything this user does while I'm gone?
This is on a Windows 2003 GC/DC...

Question by:neomage23
  • 2
LVL 97

Accepted Solution

Lee W, MVP earned 1000 total points
ID: 12619833
Enable security auditing in the domain policy.

That aside, why not just create another admin account and password and put the password in a sealed envelope.  If they NEED access to it, they have it, but they better have a good reason why they needed access to it...

Even then, you'll not be able to log EVERYTHING they do.
LVL 11

Assisted Solution

cfairley earned 1000 total points
ID: 12632400
I would make sure that you are auditing success and failures for "audit directory service access" in the "domain controller" security policy.  By doing this, any AD object that is added, deleted, or changed will be put in the security log on the DC.  Also, you may need to increase the security log file size on the DC.  If so, right-click the security log on the DC and go to properties, or you can do it on the domain controller security policy.
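
One way to review the result once auditing is on, as an added example that is not part of the original answers: a PowerShell function that checks the Security log's size settings on a DC and lists one account's audited events for a date window. The account name, dates and function name are hypothetical, and it assumes the events' User field carries the acting account, as the Windows 2003-era Security log records it.

```powershell
# Added example: the account, dates and DC name are constructed placeholders.
function Get-UserAuditTrail {
    param(
        [Parameter(Mandatory = $true)][string]$UserName,   # e.g. 'EXAMPLE\tempadmin' (hypothetical)
        [Parameter(Mandatory = $true)][datetime]$After,
        [Parameter(Mandatory = $true)][datetime]$Before,
        [string]$ComputerName = $env:COMPUTERNAME          # the DC whose log is read
    )

    # Check the log settings first: a small log that overwrites old events
    # can lose the start of the window before anyone reviews it.
    $log = Get-EventLog -List -ComputerName $ComputerName |
        Where-Object { $_.Log -eq 'Security' }
    $settings = "max {0} KB, overflow action {1}" -f $log.MaximumKilobytes, $log.OverflowAction
    Write-Host "Security log on ${ComputerName}: $settings"

    # Entries[0] is the oldest record still held in the log.
    if ($log.Entries.Count -gt 0) {
        $oldest = $log.Entries[0].TimeGenerated
        if ($oldest -gt $After) {
            Write-Warning "Oldest event is $oldest; anything between $After and that time is gone."
        }
    }

    # Pull only this account's events inside the window, oldest first.
    Get-EventLog -LogName Security -ComputerName $ComputerName `
        -After $After -Before $Before -UserName $UserName |
        Sort-Object TimeGenerated |
        Select-Object TimeGenerated, EventID, EntryType, Category,
            @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } }
}

# Constructed window and account; replace with the real ones.
$trail = Get-UserAuditTrail -UserName 'EXAMPLE\tempadmin' -After '2004-11-24' -Before '2004-11-29'

# Which kinds of events the account generated, most frequent first.
$trail | Group-Object EventID | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# Failed attempts are usually the first thing to read in full.
$trail | Where-Object { $_.EntryType -eq 'FailureAudit' } | Format-Table -AutoSize -Wrap
```

Each domain controller keeps its own Security log, so the function has to be run against every DC the account could have used.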

Author Comment

ID: 12721763
Thanks guys...nothing mysterious happened while I was away! Split Points!
LVL 11

Expert Comment

ID: 12721821
Glad we could assist!  Thanks for using EE!
