• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 231
  • Last Modified:

Ad auditing

I am setting up auditing for a active directory environment. I need to know what to do to correlate all teh events to a server or two. I am using a product called sentinel to access teh event logs over WMI. what do I have the ad administrator do on the ad side to make sure he has a plociy to collect ad events on his domain controller or is this in the DC event log by default
0
zenworksb
Asked:
zenworksb
1 Solution
 
zelron22Commented:
He needs to have auditing turned on for whichever events you want to audit, e.g. logon failure, logon success, object access, etc.

If any of the audited events occur, they get logged in the security log.

Audit logging is turned on/modified either via Local Security Policy for stand alone servers or through Group policy for domain members, domain controllers, etc.
0

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now