Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Audit and Analyze tool AD and GPO in use etc...

Posted on 2010-11-11
6
Medium Priority
?
1,572 Views
Last Modified: 2013-12-06
Hi guys,

Unfortunately i got pushed into some massive projet.
Basically, it's a company that run a computer parc concisting of ~2000 xp machines and 2008 Server R2 regarding the DC's.

The hell part of the thing is that: all of the 2000 machines  are being used by users with local administrator rights.
I know it is a total suicide but it's the way it is and that since 2005. You can magine the mess on the workstations...

My job is to audit the domain/AD/GPO and build a report regarding the possibility of limiting all the users rights via group policy.

My company would like to sell the product "stormshield" for this purpose + the GPO job.  So bascially, i have to create a report that show that limiting a non standard computer/users parc with group policy is going to requier many man hours. and so we are trying to sell the solution Stormshiled on the top of a set of GPO which will limit all users and make it all work together. And which will save everybody many hours.

Please anyone could point me to the right tools to perform this audit/analyze. it would be greatly appreciated.


Let me know if you need more infromation which i forgot to mention, kind of very stressed out lately.

Thank you!

Jean-Marc



 


0
Comment
Question by:jmc79
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 27

Accepted Solution

by:
KenMcF earned 1000 total points
ID: 34110458
Quest has some good tools for auditing

http://www.quest.com/active-directory/compliance-and-audits.aspx

Check out the scripts that come with GPMC
http://wmug.co.uk/blogs/1972/archive/2006/05/01/39.aspx

There are other produscts as well.
http://nagios.org/
http://www.splunk.com/

It all depends on what you want to audit.
0
 

Author Comment

by:jmc79
ID: 34110577
Thanks! Will check.
I need to audit the AD, the GPO, and the OU structure.

Jm
0
 
LVL 24

Assisted Solution

by:Awinish
Awinish earned 1000 total points
ID: 34110587
AD topology Diagram along with GPMC scripts you can do it.

http://blogs.technet.com/b/askds/archive/2007/10/12/documenting-active-directory-infrastructure-the-easy-way.aspx

You can use GPMC tool to document AD.

You can use DHCPLoc for DHCP.

http://www.windowsnetworking.com/kbase/WindowsTips/Windows2000/AdminTips/DHCPandDNS/UsingtheDHCPLOCUtility.html


There is tool like DCdiag, netdiag, dnslint, ntdsutil to check the health & various services of AD.

http://www.shariqsheikh.com/blog/index.php/200907/adrap-scoping-tool/

You can also use ADtest tool for performance monitor of AD.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=4814fe3f-92ce-4871-b8a4-99f98b3f4338&displaylang=en

Above tool is more than sufficient.


You can also check whether password policy is in place,service pack,patch Antivirus is updated.

http://blogs.msdn.com/b/ericfitz/archive/2005/08/04/447951.aspx
0
 

Author Comment

by:jmc79
ID: 34113843
Awesome!
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 34700106
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Let's recap what we learned from yesterday's Skyport Systems webinar.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question