Audit domain admins

Toggle sidebar Toggle sidebar
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Hi,

I need to audit or verify every change that any user with
domain admin rights do in the Domain Controller.

For instance: User Beth, she removed domain admin rights
to another user who had them. For that reason the user had
several problems working on a project. So the point is how
may I know that she did it ? 'Cos at the same time she has
full rights? How to audit that , or any software to check
and keep a log about what changes or movements do all
domain admins users !!

Thanks any comments !!!
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

I don't know of a way to audit everything. For instance I don't know of a
good way to audit who changed a Group Policy user configuration setting but
you can audit a lot. On Domain Controller Security Policy enable auditing of
account management, policy change, and system events which will record
events for when a user creates/manages users [including password reset] or
groups, when a user changes audit policy or user rights assignments, or when
certain system events occur. The events would be recorded in the security
logs of the domain controllers and you would have to check each domain
controller which can easily be done with the free Event Comb tool from
Microsoft. The link below contains much more detail including explanation of
common events recorded in the security log. --- Steve

http://www.microsoft.com/technet/security/guidance/secmod144.mspx

"Misaro" <anonymous@discussions.microsoft.com> wrote in message
news:8bbf01c4d19c$650cfd70$a601280a@phx.gbl...
> Hi,
>
> I need to audit or verify every change that any user with
> domain admin rights do in the Domain Controller.
>
> For instance: User Beth, she removed domain admin rights
> to another user who had them. For that reason the user had
> several problems working on a project. So the point is how
> may I know that she did it ? 'Cos at the same time she has
> full rights? How to audit that , or any software to check
> and keep a log about what changes or movements do all
> domain admins users !!
>
> Thanks any comments !!!
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom