Solved

Setting up Audit Policies in AD on Server 2003.

Posted on 2009-07-15
Last Modified: 2013-12-04
Are there auditing policies to monitor the following:
1. Change of privileges
2. The installation/uninstallation of software
3. When and by whom a certain service is stopped/started
4. Modifying the actual auditing settings

If there are, which policy should I set up for each or how do I go about setting these up?

Also is there a way to secure audit policies so that they cannot be altered?

Thanks!
Question by:sliknick1028

Accepted Solution

by:
abraham808 earned 250 total points
I think you need a 3rd party app, like Netpro Change Auditor.

But this could start you in the right direction.
http://www.computerperformance.co.uk/w2k3/gp/group_policy_security_audit.htm

Open Group Policy
4. Under Computer Configuration>Windows Settings>Security Settings>Local Policies>Audit Policy

Author Comment

by:sliknick1028
Yes, I knew about the Auditing Policies in Group Policy but I wanted to know which of the audit policies covered the 4 things that I listed above. I read the "Explain this setting" section for each policy but none of them exactly mentioned anything about the 4. I wanted a more specific answer... for example "Audit account management" will work for "change of privileges" (I know it doesn't, just giving an example)
-Thanks!

Expert Comment

by:abraham808
I think you need a 3rd Party app that does those things.  It's not that cut and dry in Group Policy.

Assisted Solution

by:naldiian
naldiian earned 250 total points
Your list requires enabling all of the options for auditing that are available in 2003, and more importantly you would need to enable enforcement of the audit policies on the member computers of the domain, rather than just the domain controllers - also meaning you would need to capture and review the logs from the actual member servers and workstations where you want to audit these things, as not all of this will involve the domain and may therefore not be logged there.
As far as restricting security for setting these policies, they are restricted to administrators of the involved systems by default, though they can be delegated and may not be limited to admins in a given environment if previously changed. Again, this means domain admins for the domain level, but just local administrators of the workstations and member servers.
The volume of information that is generated in the security logs with this level of auditing, plus the requirement of getting the logs from multiple systems to know the whole picture, does lead to a strong case for using an application solution that can consolidate all of the information and provide ways to present it in usable formats to fit the objectives you have.
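
The consolidation described in the answer above, sketched as an added example that is not part of the original thread: it merges exported event rows from a domain controller, a member server and a workstation into one timeline and tags each hit with the item from the question it answers. The event IDs are Windows Server 2003-era IDs supplied for this example rather than taken from the thread; the CSV layout, host names, accounts and rows are constructed.

```python
import csv
import io

# (log, source, event id) -> the asker's item it answers. IDs are Server 2003-era.
RULES = {
    ("Security", "Security", 608): "1 privilege change: user right assigned",
    ("Security", "Security", 609): "1 privilege change: user right removed",
    ("Security", "Security", 632): "1 privilege change: added to global group",
    ("Security", "Security", 636): "1 privilege change: added to local group",
    ("Application", "MsiInstaller", 11707): "2 software installed",
    ("Application", "MsiInstaller", 11724): "2 software removed",
    ("System", "Service Control Manager", 7035): "3 service start/stop requested",
    ("System", "Service Control Manager", 7036): "3 service state changed",
    ("Security", "Security", 612): "4 audit policy changed",
    ("Security", "Security", 517): "4 security log cleared",
}

# Constructed sample rows from three machines: time,host,log,source,id,user,detail
SAMPLE = """\
2009-07-15 09:02:11,DC01,Security,Security,632,CORP\\alice,bob added to Domain Admins
2009-07-15 09:05:40,WS07,Application,MsiInstaller,11707,CORP\\bob,Product: ExampleTool
2009-07-15 09:04:03,SRV02,System,Service Control Manager,7035,CORP\\bob,Print Spooler sent a stop control
2009-07-15 09:04:04,SRV02,System,Service Control Manager,7036,,Print Spooler entered the stopped state
2009-07-15 09:10:27,SRV02,Security,Security,612,CORP\\bob,Audit Policy Change
2009-07-15 09:11:00,SRV02,Security,Security,538,CORP\\bob,User Logoff
"""

def consolidate(text):
    """Merge rows from all hosts into one timeline of events matching RULES."""
    hits = []
    for time, host, log, source, eid, user, detail in csv.reader(io.StringIO(text)):
        item = RULES.get((log, source, int(eid)))
        if item:  # everything else (e.g. 538 logoff) is noise for these four questions
            hits.append((time, host, item, user or "-", detail))
    return sorted(hits)  # fixed-width timestamps, so string sort is chronological

def hosts_without_security_events(text, expected_hosts):
    """Hosts with no Security-log rows: auditing not applied there, or log not collected."""
    seen = {row[1] for row in csv.reader(io.StringIO(text)) if row[2] == "Security"}
    return sorted(set(expected_hosts) - seen)

if __name__ == "__main__":
    for time, host, item, user, detail in consolidate(SAMPLE):
        print(f"{time}  {host:<6} {item:<42} {user:<12} {detail}")
    print("No Security events from:", hosts_without_security_events(SAMPLE, ["DC01", "SRV02", "WS07"]))
```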

Author Closing Comment

by:sliknick1028
abraham808 was first to say that it would require a 3rd party solution, but naldiian spelled it all out for me.   Thanks guys!