Archived from groups: microsoft.public.win2000.security (More info?)
We have multiple domain controllers in our environment, with multiple domain admins. We have created a special account for domain admins. We have also enable Auditing on accounts. The problem is that the admins logs in using their regular (non admin Id ) and then uses the 'RUN AS' Option to run the active directory users - admin tool to make changes to the user accounts. The system generates a log for any changes made eg to the Global groups. Since they do not interacivtely login using their admin ID, there is no corresponding logs recorded for their log in.
Is there a way to monitor, the user / system that was used to logon to the domain and then 'use RUN AS' option to execute the other tools ????
We have multiple domain controllers in our environment, with multiple domain admins. We have created a special account for domain admins. We have also enable Auditing on accounts. The problem is that the admins logs in using their regular (non admin Id ) and then uses the 'RUN AS' Option to run the active directory users - admin tool to make changes to the user accounts. The system generates a log for any changes made eg to the Global groups. Since they do not interacivtely login using their admin ID, there is no corresponding logs recorded for their log in.
Is there a way to monitor, the user / system that was used to logon to the domain and then 'use RUN AS' option to execute the other tools ????
Facebook
Twitter
Instagram