Solved

Audit and Analyze tool AD and GPO in use etc...

Posted on 2010-11-11
6
1,534 Views
Last Modified: 2013-12-06
Hi guys,

Unfortunately i got pushed into some massive projet.
Basically, it's a company that run a computer parc concisting of ~2000 xp machines and 2008 Server R2 regarding the DC's.

The hell part of the thing is that: all of the 2000 machines  are being used by users with local administrator rights.
I know it is a total suicide but it's the way it is and that since 2005. You can magine the mess on the workstations...

My job is to audit the domain/AD/GPO and build a report regarding the possibility of limiting all the users rights via group policy.

My company would like to sell the product "stormshield" for this purpose + the GPO job.  So bascially, i have to create a report that show that limiting a non standard computer/users parc with group policy is going to requier many man hours. and so we are trying to sell the solution Stormshiled on the top of a set of GPO which will limit all users and make it all work together. And which will save everybody many hours.

Please anyone could point me to the right tools to perform this audit/analyze. it would be greatly appreciated.


Let me know if you need more infromation which i forgot to mention, kind of very stressed out lately.

Thank you!

Jean-Marc



 


0
Comment
Question by:jmc79
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 27

Accepted Solution

by:
KenMcF earned 250 total points
ID: 34110458
Quest has some good tools for auditing

http://www.quest.com/active-directory/compliance-and-audits.aspx

Check out the scripts that come with GPMC
http://wmug.co.uk/blogs/1972/archive/2006/05/01/39.aspx

There are other produscts as well.
http://nagios.org/
http://www.splunk.com/

It all depends on what you want to audit.
0
 

Author Comment

by:jmc79
ID: 34110577
Thanks! Will check.
I need to audit the AD, the GPO, and the OU structure.

Jm
0
 
LVL 24

Assisted Solution

by:Awinish
Awinish earned 250 total points
ID: 34110587
AD topology Diagram along with GPMC scripts you can do it.

http://blogs.technet.com/b/askds/archive/2007/10/12/documenting-active-directory-infrastructure-the-easy-way.aspx

You can use GPMC tool to document AD.

You can use DHCPLoc for DHCP.

http://www.windowsnetworking.com/kbase/WindowsTips/Windows2000/AdminTips/DHCPandDNS/UsingtheDHCPLOCUtility.html


There is tool like DCdiag, netdiag, dnslint, ntdsutil to check the health & various services of AD.

http://www.shariqsheikh.com/blog/index.php/200907/adrap-scoping-tool/

You can also use ADtest tool for performance monitor of AD.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=4814fe3f-92ce-4871-b8a4-99f98b3f4338&displaylang=en

Above tool is more than sufficient.


You can also check whether password policy is in place,service pack,patch Antivirus is updated.

http://blogs.msdn.com/b/ericfitz/archive/2005/08/04/447951.aspx
0
 

Author Comment

by:jmc79
ID: 34113843
Awesome!
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 34700106
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question