Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


How do I set up monitoring on domain admin accounts

Posted on 2011-04-27
Medium Priority
Last Modified: 2013-12-04
Part of our security audit asks how we monitor all domain admin account activites and i wondered if there was a way to set this up for all admin accounts on a blanket monitoring basis for everything we do under our domain accounts

It would make life alot easier and and satisfy auditors
Many thanks
Question by:WKHhelpdesk

Accepted Solution

vak73 earned 750 total points
ID: 35481121
LVL 44

Expert Comment

by:Adam Brown
ID: 35486369
In order to collect events, you need to enable auditing for Directory Service Access. http://technet.microsoft.com/en-us/library/cc771395(WS.10).aspx has a lot of information on configuring Auditing, and it's a fairly sizable subject. Generally, you can configure windows to collect information on changes that are made (and by whom) fairly easily, and changes to anything on the domain would be logged. The problem is that it isn't presented in a very efficient or understandable manner. That's where third party tools like the one linked by vak73 come in. Those can collect the events that are written to the audit log in Windows and collate them into a more readable format.

Expert Comment

ID: 35524769
How to use Group Policy to configure detailed security auditing settings for Windows Vista-based and Windows Server 2008-based computers in a Windows Server 2008 domain, in a Windows Server 2003 domain, or in a Windows 2000 domain. -> http://support.microsoft.com/kb/921469

Run this on your DC to enable auditing for user management for instance:

auditpol /set /subcategory:"user account management" /success:enable /failure:enable

Then you can create a custom view in event viewer to show account management events.

Author Closing Comment

ID: 35787738
costly solution but does the job

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introducing Priority Question, our latest feature.
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…
Simple Linear Regression

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question