• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 436
  • Last Modified:

Delegating an OU for auditing


I am administering an Ou within an Active Directory domain. I have been asked to audit user logons, password changes etc under my OU. At present I cannot view the Security Log in the Event Viewer of the Domain Controller (we have a DC at our branch office as well).
What do I need to ask my Head Office to delegate to me so that I can view it and also what would I need so I can manage the audit policies of objects under my managed OU?

1 Solution
To have access to the security log in teh event viewer of DCs, it has nothing to do with what administering an OU. What you need to do is ask your Domain admins to configure the Default Domain Controllers Policy to allow you to Manage auditing and security log. Or your Domain Admins can create a group and make you a member of this group then assign this group right to manage auditing and security log. By default only Builtin\Administrators have this right. Here's the step of the Domain Controller Policy:Computer Configuration>Windows Settings>Local Policies>User Rights Assignment>Manage auditing and security log.

Now, if this same setting is configure in a separate GPO and linked to the OU where your computers is placed in, then you also have access to those computers' security event log but not much use as all the logon and password changeds events are from the Security event log of your DCs.
shcedtechAuthor Commented:
Thanks, Americom
Looks like I will need to have access to the Security log of the DCs. And then ask for GPO rights to my managed OUs

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Tackle projects and never again get stuck behind a technical roadblock.
Join Now