
What's a good tool for tracking what the Windows domain administrator account is doing?

Posted on 2010-01-11
Last Modified: 2013-11-25
Hi,

We will have auditors coming into our office soon and I know they will ask me if I track what the domain administrator account is doing. We have three people using this user account to make changes as needed.

I'm looking for a tool that gives us a good idea of what the Windows domain administrator account is doing.

We've enabled auditing on our domain controllers and see a lot of entries being added now to this event log.

Is there a tool that summarizes this event log in reports or in drill down menus? Is the answer SCOM?

Thanks,

Dean
0
Question by:DeanUnited
11 Comments
 
LVL 20

Expert Comment

by:MightySW
ID: 26289640
Hi, have a look here to give you some ideas. Looks like they were frustrated with SCOM as well. You would have to set up the audits to pick up more than logins in your case, of course.

http://mobile.experts-exchange.com/Q_24994402.html

HTH
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 26289823
0
 
LVL 20

Expert Comment

by:MightySW
ID: 26290383
Quit swooping!!!!
0

Author Comment

by:DeanUnited
ID: 26296052
Thanks dstewartjr, ADAudit looks good for tracking login activity.
MightySW - DumpSec looks dated. It only mentions Windows 2000. Any idea if it works with 2003+?
 
Dean
0
 

Author Comment

by:DeanUnited
ID: 26296064
Sorry, I got the names backwards.
0
 
LVL 20

Accepted Solution

by:
MightySW earned 1400 total points
ID: 26296110
Yes, ADAudit is a GREAT utility. I have used it. It has a lot of features.

Hyena is a good one too, but as you said, it could be a bit dated. Most of them are unless you want to pay for some kind of central auditing program like GFI.

LOL, it's OK on the names. Me and the Stew are friends.

0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 26296122
Hey mighty check into that for me. At lunch now
0
 
LVL 20

Expert Comment

by:MightySW
ID: 26296155
Yes Dean, the link that DStew gave you for DumpSec WILL work for Win 2k3. The reports are definitely the same, as the Event Viewer format did not change from 2000 to 2003.

You should be good with either. Both utilities will do what you need to do.
0
 

Author Comment

by:DeanUnited
ID: 26296240
Thanks guys,
I'm going to try these programs first before jumping into SCOM. I've heard from various sources that it's tough to figure out SCOM.
I understand Quest programs are good for monitoring changes in AD and file systems, but what about if I just want to monitor who is viewing the HR directory? Any program for that?
0
 
LVL 20

Expert Comment

by:MightySW
ID: 26296601
Again, you are just looking at auditing and using DumpSec or ADAudit (free) to enumerate the billions of entries that you will get in the event log after you turn on file access auditing on that directory.

Either utility is easy to use once you get used to it. You just dump them to a delimited text file and then open it up with Excel, where you can then filter. Or you can just use the utilities to determine usage. Both have good filters on them and sort ability.
0
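As an added example (not part of the thread and not the output format of either tool), the filtering step described in the comment above can be scripted instead of done by hand in Excel. The column names, tab delimiter, share path and account names are constructed assumptions; 560 and 4663 are the Windows object-access event IDs.

```python
import csv
import io
from collections import Counter

# 560 = object open on Windows 2000/2003; 4663 = object access attempt on
# Windows Server 2008 and later.
OBJECT_ACCESS_IDS = {"560", "4663"}

# Constructed sample rows. The column names and the tab delimiter are
# assumptions; match them to what your export actually contains.
_ROWS = [
    ["Date", "Time", "EventID", "User", "Computer", "ObjectName"],
    ["2010-01-12", "09:01:10", "560", r"CORP\Administrator", "FS01", r"D:\Shares\HR\salaries.xls"],
    ["2010-01-12", "09:01:12", "560", r"corp\administrator", "FS01", r"D:\Shares\HR\salaries.xls"],
    ["2010-01-12", "09:05:44", "560", r"CORP\jsmith", "FS01", r"D:\Shares\HR\reviews\2009.doc"],
    ["2010-01-12", "09:06:00", "528", r"CORP\jsmith", "FS01", ""],
    ["2010-01-12", "09:07:30", "560", r"CORP\jsmith", "FS01", r"D:\Shares\HR_Archive\old.doc"],
]
SAMPLE_EXPORT = "\n".join("\t".join(r) for r in _ROWS) + "\n"


def summarize_access(export_text, directory, delimiter="\t"):
    """Count object-access events per (user, path) for paths under directory."""
    # Trailing backslash keeps D:\Shares\HR from matching D:\Shares\HR_Archive.
    prefix = directory.rstrip("\\").lower() + "\\"
    counts = Counter()
    for row in csv.DictReader(io.StringIO(export_text), delimiter=delimiter):
        if row["EventID"].strip() not in OBJECT_ACCESS_IDS:
            continue  # logons and other audit categories
        path = (row["ObjectName"] or "").strip()
        if path.lower().startswith(prefix):
            # Account names are case-insensitive, so normalise before counting.
            counts[(row["User"].strip().lower(), path)] += 1
    return counts


def accesses_by_user(counts):
    """Collapse per-file counts to one total per user, busiest first."""
    totals = Counter()
    for (user, _path), n in counts.items():
        totals[user] += n
    return totals.most_common()


if __name__ == "__main__":
    hr = summarize_access(SAMPLE_EXPORT, r"D:\Shares\HR")
    for user, total in accesses_by_user(hr):
        print(f"{user}\t{total}")
```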
 

Author Comment

by:DeanUnited
ID: 26309547
Thanks guys,
 
ADAudit is working out great!
 
Dean
0
