Monitor the Administrator

Archived from groups: microsoft.public.win2000.security

Hi, 2 security concerns.
First:-
How to make sure even your Administrator
cannot alter log files and audit policy
Second:-
Any good tool which can easily track changes in your Active Directory,
like a user has been added to or removed from a group, or
permissions have been modified on folders or files


Thanks 4 your Time& effort
  1.

    Hi, I can not help you, but just wanted to ask a question,
    if you do not mind. I have never used a newsgroup before
    and was reading about them and read that you have to sign
    up for them and configure your email to accept newsgroup
    messages. While on this MS site, I do not see anywhere
    that says you have to sign up or do anything besides click
    on "post" or "reply" etc. I wrote to someone else earlier
    and got the mail back as undeliverable. Then I noticed
    that the person, like many others, did not put their email
    address on their post like you did. So, I am guessing
    that if there is no email address, the person replies to
    the post and it looks like a new post on the screen. If
    an address is given the replier can respond the same way
    or email the person privately. Am I correct in my
    assumptions? Is there anything else I should know about
    this? If you have posted many times before, do you
    usually get responses? Thanks for helping, I appreciate
    it! Linda
    >-----Original Message-----
    >Hi, 2 security concerns.
    >First:-
    >How to make sure even your Administrator
    >cannot alter log files and audit policy
    >Second:-
    >Any good tool which can easily track changes in your Active Directory,
    >like a user has been added to or removed from a group, or
    >permissions have been modified on folders or files
    >
    >
    >Thanks 4 your Time& effort
    >.
    >
  2.

    You can't realistically restrict an administrator. You can monitor events by
    auditing, though an administrator can clear the security log which in itself will
    leave an event, and a malicious administrator could modify the security log. While it
    is a good idea to audit, you really need to trust people that are administrators and
    in W2K for AD, delegation can be used to do most things without making a user an
    administrator.

    See the link below on auditing. For starts it is a good idea to at least audit
    account logon events and account management on domain controllers, logon events on
    servers and domain workstations. --- Steve

    http://www.microsoft.com/technet/security/guidance/secmod144.mspx

    "Mail Man" <this4meonly@yahoo.com> wrote in message
    news:2753502d.0407130101.6fbc8114@posting.google.com...
    > Hi, 2 security concerns.
    > First:-
    > How to make sure even your Administrator
    > cannot alter log files and audit policy
    > Second:-
    > Any good tool which can easily track changes in your Active Directory,
    > like a user has been added to or removed from a group, or
    > permissions have been modified on folders or files
    >
    >
    > Thanks 4 your Time& effort
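
Added example, not part of the original thread or written by any poster: one way to review an exported Security log for what the reply above says auditing will show, namely the log-clear event plus audit-policy and group-membership changes. The CSV layout, account names and sample rows are constructed; the event IDs are the Windows 2000/2003 ones paired with their Vista-and-later equivalents, and the record-gap check assumes the export keeps record numbers.

```python
import csv
import io

# Security event IDs: Windows 2000/2003 numbering, then the Vista-and-later ID.
WATCHED = {
    517: "audit log cleared", 1102: "audit log cleared",
    612: "audit policy changed", 4719: "audit policy changed",
    632: "member added to global group", 4728: "member added to global group",
    633: "member removed from global group", 4729: "member removed from global group",
    636: "member added to local group", 4732: "member added to local group",
    637: "member removed from local group", 4733: "member removed from local group",
    660: "member added to universal group", 4756: "member added to universal group",
    661: "member removed from universal group", 4757: "member removed from universal group",
}

# Constructed sample export (record number, time, event ID, acting account, detail).
SAMPLE = """record,time,event_id,user,detail
1041,2004-07-13 09:02:11,528,CORP\\jsmith,Successful logon
1042,2004-07-13 09:05:40,632,CORP\\adm-lee,Added CORP\\jsmith to Domain Admins
1043,2004-07-13 09:06:02,612,CORP\\adm-lee,Audit policy changed
1047,2004-07-13 09:30:15,633,CORP\\adm-lee,Removed CORP\\jsmith from Domain Admins
1048,2004-07-13 09:31:00,517,CORP\\adm-lee,The audit log was cleared
"""

def review(export_text):
    """Return findings as (record, kind, user, detail) tuples, in log order."""
    findings = []
    previous = None
    for row in csv.DictReader(io.StringIO(export_text)):
        record, event_id = int(row["record"]), int(row["event_id"])
        # Record numbers are sequential; a hole means entries are missing from the export.
        if previous is not None and record != previous + 1:
            findings.append((record, "record gap", "", f"{previous + 1}-{record - 1} missing"))
        if event_id in WATCHED:
            findings.append((record, WATCHED[event_id], row["user"], row["detail"]))
        previous = record
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(*finding, sep=" | ")
```
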
  3.

    Hi Linda,
    this is not an MS site, it is a Google newsgroup,
    and for me, when I need to post, it asks me to enter my email and
    password.

    I tried to put a fake email to avoid spam but it did not work because
    they send you a verification link to your email.
    Hope that answers your question.
    Thanks for passing by.

    "Linda" <anonymous@discussions.microsoft.com> wrote in message news:<2b21401c468bd$1d1b90f0$a601280a@phx.gbl>...
    > Hi, I can not help you, but just wanted to ask a question,
    > if you do not mind. I have never used a newsgroup before
    > and was reading about them and read that you have to sign
    > up for them and configure your email to accept newsgroup
    > messages. While on this MS site, I do not see anywhere
    > that says you have to sign up or do anything besides click
    > on "post" or "reply" etc. I wrote to someone else earlier
    > and got the mail back as undeliverable. Then I noticed
    > that the person, like many others, did not put their email
    > address on their post like you did. So, I am guessing
    > that if there is no email address, the person replies to
    > the post and it looks like a new post on the screen. If
    > an address is given the replier can respond the same way
    > or email the person privately. Am I correct in my
    > assumptions? Is there anything else I should know about
    > this? If you have posted many times before, do you
    > usually get responses? Thanks for helping, I appreciate
    > it! Linda
    > >-----Original Message-----
    > >Hi, 2 security concerns.
    > >First:-
    > >How to make sure even your Administrator
    > >cannot alter log files and audit policy
    > >Second:-
    > >Any good tool which can easily track changes in your Active Directory,
    > >like a user has been added to or removed from a group, or
    > >permissions have been modified on folders or files
    > >
    > >
    > >Thanks 4 your Time& effort
    > >.
    > >
  4.

    Hi Steven,
    Thanks for your help, and if I understood you correctly,
    the Admin password must be kept with a non-IT person
    after we have delegated all activity to be done in AD to other accounts.


    "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message news:<hnUIc.67990$MB3.32606@attbi_s04>...
    > You can't realistically restrict an administrator. You can monitor events by
    > auditing, though an administrator can clear the security log which in itself will
    > leave an event, and a malicious administrator could modify the security log. While it
    > is a good idea to audit, you really need to trust people that are administrators and
    > in W2K for AD, delegation can be used to do most things without making a user an
    > administrator.
    >
    > See the link below on auditing. For starts it is a good idea to at least audit
    > account logon events and account management on domain controllers, logon events on
    > servers and domain workstations. --- Steve
    >
    > http://www.microsoft.com/technet/security/guidance/secmod144.mspx
    >
    > "Mail Man" <this4meonly@yahoo.com> wrote in message
    > news:2753502d.0407130101.6fbc8114@posting.google.com...
    > > Hi, 2 security concerns.
    > > First:-
    > > How to make sure even your Administrator
    > > cannot alter log files and audit policy
    > > Second:-
    > > Any good tool which can easily track changes in your Active Directory,
    > > like a user has been added to or removed from a group, or
    > > permissions have been modified on folders or files
    > >
    > >
    > > Thanks 4 your Time& effort
  5.

    Hire only admins you can trust.
    Enable security auditing.
    Set up both "regular user" and "admin equivalent" passwords for all network
    admins, and make sure they use their regular user accounts for most of their
    work.
    Don't give anyone the 'real' domain admin credentials.

    Mail Man wrote:
    > Hi, 2 security concerns.
    > First:-
    > How to make sure even your Administrator
    > cannot alter log files and audit policy
    > Second:-
    > Any good tool which can easily track changes in your Active Directory,
    > like a user has been added to or removed from a group, or
    > permissions have been modified on folders or files
    >
    >
    > Thanks 4 your Time& effort
  6.

    Mail Man wrote:

    > Hi Linda,
    > this is not an MS site, it is a Google newsgroup,
    > and for me, when I need to post, it asks me to enter my email and
    > password.
    >
    > I tried to put a fake email to avoid spam but it did not work because
    > they send you a verification link to your email.
    > Hope that answers your question.
    > Thanks for passing by.
    Hi

    Actually, it is a Microsoft newsgroup hosted on Microsoft servers (but
    replicated with other non-Microsoft news servers around the world).

    It is only when posting through Google you need a valid e-mail address.


    --
    torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
    Administration scripting examples and an ONLINE version of
    the 1328 page Scripting Guide:
    http://www.microsoft.com/technet/community/scriptcenter/default.mspx
  7.

    What I mean is that it is best to keep the number of administrators to a minimum of
    trusted people and take advantage of AD delegation to do tasks that can be done by a
    non-administrator instead of giving that person admin powers. I don't necessarily
    agree with keeping the admin passwords with non-IT people as there will be times
    where that will be a problem and you need to have a few people you can trust with the
    domain. --- Steve


    "Mail Man" <this4meonly@yahoo.com> wrote in message
    news:2753502d.0407132129.156aaf90@posting.google.com...
    > Hi Steven,
    > Thanks for your help, and if I understood you correctly,
    > the Admin password must be kept with a non-IT person
    > after we have delegated all activity to be done in AD to other accounts.
    >
    >
    > "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message news:<hnUIc.67990$MB3.32606@attbi_s04>...
    > > You can't realistically restrict an administrator. You can monitor events by
    > > auditing, though an administrator can clear the security log which in itself will
    > > leave an event, and a malicious administrator could modify the security log. While it
    > > is a good idea to audit, you really need to trust people that are administrators and
    > > in W2K for AD, delegation can be used to do most things without making a user an
    > > administrator.
    > >
    > > See the link below on auditing. For starts it is a good idea to at least audit
    > > account logon events and account management on domain controllers, logon events on
    > > servers and domain workstations. --- Steve
    > >
    > > http://www.microsoft.com/technet/security/guidance/secmod144.mspx
    > >
    > > "Mail Man" <this4meonly@yahoo.com> wrote in message
    > > news:2753502d.0407130101.6fbc8114@posting.google.com...
    > > > Hi, 2 security concerns.
    > > > First:-
    > > > How to make sure even your Administrator
    > > > cannot alter log files and audit policy
    > > > Second:-
    > > > Any good tool which can easily track changes in your Active Directory,
    > > > like a user has been added to or removed from a group, or
    > > > permissions have been modified on folders or files
    > > >
    > > >
    > > > Thanks 4 your Time& effort