• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1621
  • Last Modified:

Audit and Analyze tool AD and GPO in use etc...

Hi guys,

Unfortunately i got pushed into some massive projet.
Basically, it's a company that run a computer parc concisting of ~2000 xp machines and 2008 Server R2 regarding the DC's.

The hell part of the thing is that: all of the 2000 machines  are being used by users with local administrator rights.
I know it is a total suicide but it's the way it is and that since 2005. You can magine the mess on the workstations...

My job is to audit the domain/AD/GPO and build a report regarding the possibility of limiting all the users rights via group policy.

My company would like to sell the product "stormshield" for this purpose + the GPO job.  So bascially, i have to create a report that show that limiting a non standard computer/users parc with group policy is going to requier many man hours. and so we are trying to sell the solution Stormshiled on the top of a set of GPO which will limit all users and make it all work together. And which will save everybody many hours.

Please anyone could point me to the right tools to perform this audit/analyze. it would be greatly appreciated.


Let me know if you need more infromation which i forgot to mention, kind of very stressed out lately.

Thank you!

Jean-Marc



 


0
jmc79
Asked:
jmc79
2 Solutions
 
KenMcFCommented:
Quest has some good tools for auditing

http://www.quest.com/active-directory/compliance-and-audits.aspx

Check out the scripts that come with GPMC
http://wmug.co.uk/blogs/1972/archive/2006/05/01/39.aspx

There are other produscts as well.
http://nagios.org/
http://www.splunk.com/

It all depends on what you want to audit.
0
 
jmc79Author Commented:
Thanks! Will check.
I need to audit the AD, the GPO, and the OU structure.

Jm
0
 
AwinishCommented:
AD topology Diagram along with GPMC scripts you can do it.

http://blogs.technet.com/b/askds/archive/2007/10/12/documenting-active-directory-infrastructure-the-easy-way.aspx

You can use GPMC tool to document AD.

You can use DHCPLoc for DHCP.

http://www.windowsnetworking.com/kbase/WindowsTips/Windows2000/AdminTips/DHCPandDNS/UsingtheDHCPLOCUtility.html


There is tool like DCdiag, netdiag, dnslint, ntdsutil to check the health & various services of AD.

http://www.shariqsheikh.com/blog/index.php/200907/adrap-scoping-tool/

You can also use ADtest tool for performance monitor of AD.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=4814fe3f-92ce-4871-b8a4-99f98b3f4338&displaylang=en

Above tool is more than sufficient.


You can also check whether password policy is in place,service pack,patch Antivirus is updated.

http://blogs.msdn.com/b/ericfitz/archive/2005/08/04/447951.aspx
0
 
jmc79Author Commented:
Awesome!
0
 
Glen KnightCommented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now