How do I set up monitoring on domain admin accounts

Posted on 2011-04-27
Last Modified: 2013-12-04
Part of our security audit asks how we monitor all domain admin account activites and i wondered if there was a way to set this up for all admin accounts on a blanket monitoring basis for everything we do under our domain accounts

It would make life alot easier and and satisfy auditors
Many thanks
Question by:WKHhelpdesk
    LVL 4

    Accepted Solution

    LVL 37

    Expert Comment

    by:Adam Brown
    In order to collect events, you need to enable auditing for Directory Service Access. has a lot of information on configuring Auditing, and it's a fairly sizable subject. Generally, you can configure windows to collect information on changes that are made (and by whom) fairly easily, and changes to anything on the domain would be logged. The problem is that it isn't presented in a very efficient or understandable manner. That's where third party tools like the one linked by vak73 come in. Those can collect the events that are written to the audit log in Windows and collate them into a more readable format.
    LVL 5

    Expert Comment

    How to use Group Policy to configure detailed security auditing settings for Windows Vista-based and Windows Server 2008-based computers in a Windows Server 2008 domain, in a Windows Server 2003 domain, or in a Windows 2000 domain. ->

    Run this on your DC to enable auditing for user management for instance:

    auditpol /set /subcategory:"user account management" /success:enable /failure:enable

    Then you can create a custom view in event viewer to show account management events.

    Author Closing Comment

    costly solution but does the job

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Join & Write a Comment

    Transparency shows that a company is the kind of business that it wants people to think it is.
    As a Mac user and former AppleCare AHA & Senior Advisor, I'm constantly bombarded with questions about Macs and if they need Antivirus. This short article is my response to those questions.
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    730 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now