A couple of questions:
1) Is there any way to audit in your AD:
1a) Non approved devices that have connected to your Network - and report immediately to an admin for investigation?
1b) Non approved software that has crept on to either one of your Servers or Workstations (do you create an approved list of allowed software)
1c) And major change to say a baseline workstation, such as opening ports, changing services, changing user perms etc
1d) Exact versions of software running on devices
In terms of 1b - If users dont have local admin authority, is there still a need to audit what software has crept onto their machines
What tools would you recommend can cover the above?