sXmont1j6


How to monitor my Domain admins?

I want to be able to monitor my domain admins. I need to be able to see what files\folders they accessed, what changes they made to GP and AD, what mailboxes they accessed, etc. Are there any third-party or other utilities that could do this? Also, I would like them not to be aware of this.
John

You would have to turn on Server Auditing and check the logging options. I generally do not use this (no need), but this is what you would do going forward. There is nothing you can do going backward from today.

ASKER

There aren't any third-party utilities? And won't logging be messy?
Logging will be messy for sure.

But you need logging turned on.

Splunk is a third party tool to aggregate logs and report on them. I have heard of Splunk, but not used it.

Also look at this one:

  https://www.manageengine.com/products/active-directory-audit/windows-server-auditing.html?ADAPID=1510&kw=%2Bserver%20%2Blog%20%2Baudit&adId=38640113207&gclid=CMa7p7Od-scCFcKGaQodoAcIWA

I have not used it and do not know anything about it.

There is no simple way to do what you want.

If you trust your domain administrators, why do you need to keep tabs?  Perhaps you have a large number of them.
arnold

You should enable auditing: login/logout, file access (deals with file share access), Exchange mailbox.
If this is a compliance issue...

Depending on what and how easily you want to have the data, do you want.......


Splunk is one, as John pointed out; you could forward all server logs to a central server on which Splunk aggregates the data and converts/stores them.

The option exists with installing the SNMP feature and using an snmptrap server then evntwin maps event log to snmptraps.
.......

Most admins should have already enabled auditing on most of the items: login/logout, file share files, GP, ..
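As an added example (not code from any poster in this thread), the PowerShell below pulls the event types listed above (login/logout, file and share access, AD/GP changes) from a server's Security log and keeps only those made by current members of Domain Admins. It assumes the ActiveDirectory module is installed and the matching audit subcategories are already enabled; the function name `Get-DomainAdminActivity` and the label text are made up here. Exchange mailbox access is logged separately and is not covered.

```powershell
# Added example. Prerequisites (assumptions, not from the thread):
#  - audit subcategories Logon, Logoff, File System, File Share and
#    Directory Service Changes enabled via GPO or, per subcategory, e.g.
#      auditpol /set /subcategory:"File System" /success:enable /failure:enable
#  - 4663 and 5136 are only written for objects whose SACL requests auditing
#  - run against DCs for 5136, file servers for 4663/5145
Import-Module ActiveDirectory

function Get-DomainAdminActivity {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [datetime]$Since = (Get-Date).AddDays(-1)
    )
    # Current Domain Admins, nested group members included.
    $admins = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
        Select-Object -ExpandProperty SamAccountName

    $labels = @{
        4624 = 'Logon'
        4634 = 'Logoff'
        4663 = 'File/object access'
        5145 = 'File share access'
        5136 = 'AD object modified (includes GPO containers)'
    }
    $filter = @{ LogName = 'Security'; Id = @($labels.Keys); StartTime = $Since }

    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter | ForEach-Object {
        # Named EventData fields are only reachable through the event XML.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        # Logon/logoff events name the account in TargetUserName, the rest in SubjectUserName.
        $user = if ($_.Id -in 4624, 4634) { $data.TargetUserName } else { $data.SubjectUserName }
        if ($admins -notcontains $user) { return }

        # First populated field that says what was touched or where the logon came from.
        $target = @($data.ObjectName, $data.ObjectDN, $data.ShareName, $data.IpAddress) |
            Where-Object { $_ } | Select-Object -First 1

        [pscustomobject]@{
            Time = $_.TimeCreated; Server = $_.MachineName; User = $user
            Action = $labels[$_.Id]; Target = $target
        }
    }
}

Get-DomainAdminActivity -Since (Get-Date).AddHours(-8) | Sort-Object Time | Format-Table -AutoSize
```

Because domain admins can clear or alter local logs, run this against events already forwarded to a central collector where possible.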
Before recommending anything, please help us understand what you are trying to achieve.

You are maybe not even aware that this kind of monitoring activity, when done without informing the persons being monitored, could lead to serious legal trouble, depending on your country's jurisdiction. I would be very careful before I started monitoring.