Need to audit the use of 2 accounts with domain admin rights

G

g.cross

Hi

I hope you may be able to help.

I've needed to create two user accounts with domain admin rights.
These are to be used by colleagues when I'm absent from the workplace.
They have asked that the use of these accounts be audited, as one
doesn't want to be held reponsible for something the other may have
done.
I've created an organisational unit in Active Directory to hold these 2
accounts. Can some sort of policy be applied to this OU. I haven't
had the need to audit like this before and would welcome any advice.

Thanks very much.
 
R

Roger Abell [MVP]

No. Auditing is set for the domain, and cannot be set differently
for a couple of accounts. The exception to this is object access
audits which require both the domain wide auditing enable for
success and/or failure and then a security audit setting on the
specific objects (like filesystem area) that is to cause audit records
when those are "touched". For these you can control per-object
what accounts will generate audit records when touched in which
manners. All other auditing (account management, policy changes,
etc.) are for all accounts if enabled.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

[Win7] Disable admin-group accounts demotion? 4
Domain admin users audit 5
Domain Audit Policy not applying to one server 4
GPO and Audit 3
All Domain Admin Accounts Locked 2
Allow Admins to log on to W2K Desktop with Admin Rights 6
client xp admin rights 1
Problem migrating local profiles to domain profiles on XP 2

Top