WKHhelpdesk asked:

How do I set up monitoring on domain admin accounts

Part of our security audit asks how we monitor all domain admin account activities, and I wondered if there was a way to set this up for all admin accounts on a blanket monitoring basis for everything we do under our domain accounts.

It would make life a lot easier and satisfy auditors.
Many thanks
ASKER CERTIFIED SOLUTION
vak73

This solution is only available to members.
Adam Brown
In order to collect events, you need to enable auditing for Directory Service Access. http://technet.microsoft.com/en-us/library/cc771395(WS.10).aspx has a lot of information on configuring Auditing, and it's a fairly sizable subject. Generally, you can configure Windows to collect information on changes that are made (and by whom) fairly easily, and changes to anything on the domain would be logged. The problem is that it isn't presented in a very efficient or understandable manner. That's where third-party tools like the one linked by vak73 come in. Those can collect the events that are written to the audit log in Windows and collate them into a more readable format.
xylog

How to use Group Policy to configure detailed security auditing settings for Windows Vista-based and Windows Server 2008-based computers in a Windows Server 2008 domain, in a Windows Server 2003 domain, or in a Windows 2000 domain. -> http://support.microsoft.com/kb/921469

Run this on your DC to enable auditing for user management for instance:

auditpol /set /subcategory:"user account management" /success:enable /failure:enable

Then you can create a custom view in Event Viewer to show account management events.
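
An added example, not part of the original thread: once the auditpol subcategory above is enabled, this PowerShell sketch lists the account-management events whose actor is a current member of Domain Admins, across every domain controller. It assumes the ActiveDirectory (RSAT) module, an elevated session with read access to each DC's Security log, remote event log access, and a 24-hour window; it covers only the "User Account Management" subcategory, not all admin activity.

```powershell
# Added example: report account-management changes performed by Domain Admins.
# Assumptions: ActiveDirectory module installed, elevated session, remote
# event log access to every DC, group name 'Domain Admins', 24-hour window.
Import-Module ActiveDirectory

$lookback = (Get-Date).AddHours(-24)

# Event IDs written by the "User Account Management" audit subcategory
$ids = @{
    4720 = 'User created';  4722 = 'User enabled';  4724 = 'Password reset attempt'
    4725 = 'User disabled'; 4726 = 'User deleted';  4738 = 'User changed'
    4767 = 'User unlocked'
}

# Current members of Domain Admins, nested groups included
$admins = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object objectClass -eq 'user' |
    Select-Object -ExpandProperty SamAccountName

# Each DC logs only the changes it processed, so query all of them
$report = foreach ($dc in (Get-ADDomainController -Filter *)) {
    $filter = @{ LogName = 'Security'; Id = [int[]]@($ids.Keys); StartTime = $lookback }
    # SilentlyContinue suppresses the error raised when a DC has no matching events
    Get-WinEvent -ComputerName $dc.HostName -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Flatten <EventData><Data Name="...">value</Data> into a hashtable
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }
            # Keep only events where the acting account is a Domain Admin
            if ($admins -contains $data['SubjectUserName']) {
                [pscustomobject]@{
                    Time   = $_.TimeCreated
                    DC     = $dc.HostName
                    Admin  = $data['SubjectUserName']
                    Action = $ids[$_.Id]
                    Target = $data['TargetUserName']
                }
            }
        }
}

$report | Sort-Object Time | Format-Table -AutoSize
```

Replacing the final line with `Export-Csv` gives a file that can be handed to auditors on a schedule.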
WKHhelpdesk

ASKER

Costly solution but does the job