Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 292
  • Last Modified:

What's a good tool for tracking what the windows domain administrator account is doing?

Hi,

We will have auditors coming into our office soon and I know they will ask me if I track what the domain administrator account is doing. We have three people using this user account to make changes as needed.

I'm looking for a tool that give us good idea what the windows domain administrator account is doing.

We've enabled auditing on our domain controllers and see a lot of entries being added now to this event log.

Is there a tool that summarizes this event log in reports or in drill down menus? Is the answer SCOM?

Thanks,

Dean
0
DeanUnited
Asked:
DeanUnited
  • 5
  • 4
  • 2
1 Solution
 
MightySWCommented:
Hi, have a look here to give you some ideas.  Looks like they were frustrated with scom as well.  You would have to setup the audits to pickup more than logins in you case of course.

http://mobile.experts-exchange.com/Q_24994402.html

HTH
0
 
Donald StewartNetwork AdministratorCommented:
0
 
MightySWCommented:
Quit swooping!!!!
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
DeanUnitedAuthor Commented:
Thanks dstewartjr, adaudit looks good for tracking login activity.
Mightysw - DumpSec looks dated. only mentions windoww 2000. any idea if it works with 2003 +.
 
Dean
0
 
DeanUnitedAuthor Commented:
sorry, I got the names backwards.
0
 
MightySWCommented:
Yes, AdAudit is a GREAT utility.  I have used it.  It has alot of features.  

Hyena is a good one too, but as you said, it could be a bit dated.  Most of them are unless you want to pay for some kind of central auditing program like GFI.

LOL, its ok on the names.  Me and the Stew are friends.

0
 
Donald StewartNetwork AdministratorCommented:
Hey mighty check into that for me. At lunch now
0
 
MightySWCommented:
Yes Dean, the link that DStew gave you for dumpsec WILL work for Win 2k3.  The reports are definitely the same as the event viewer format did not change from 2000 to 2003.

You should be good with either.  Both utilities will do what you need to do.  
0
 
DeanUnitedAuthor Commented:
Thanks guys,
I'm going to try these programs first before jumping into SCOM. I've heard from various sources that it's tough to figure out SCOM.
I understand Quest programs are good for monitoring changes in AD and file systems, but what about if I just want to monitor who is viewing HR directory? Any program for that?
0
 
MightySWCommented:
again, you are just looking at auditing and using dumpsec or ADaudit (free) to enumerate the billions of entries that you will get in the event log after you turn on file access auditing on that directory.  

Either utilities are easy to use once you get use to them.  You just dump them to a delimited text file and then open it up with excel where you can then filter.  Or you can just use the utilities to determine usage.  Both have good filters on them and sort ability.
0
 
DeanUnitedAuthor Commented:
Thanks guys,
 
ADAudit is working out great!
 
Dean
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

  • 5
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now