Audting Changes to Active Directory Security groups.

V

Venkatesh

Hello there,

We wish to monitor changes to privilege active directory security groups. In
order to accomplish this, following auditing has been turned on:

Account Management Events
Audit directory service access

We now receive alerts for every security group that is modified. In reality,
we have like 50 security groups we consider as “privilege†(they are applied
on to critical resources). We wish to receive alerts in Event viewer for
these select 50 security groups and monitor their changes. Please let us know
how to accomplish this. Thank you in advance for your support.

V
 
N

Nir Valtman

Hi,

Before you decide to log events, i suggest to use "Restricted groups":
Link1: http://technet.microsoft.com/en-us/library/cc785631(WS.10).aspx
Link2: http://www.windowsecurity.com/articles/Using-Restricted-Groups.html

In addition, you did not specified your OS version.
If you have windows 2008 then use the "attach task to event" feature:
http://technet.microsoft.com/en-us/library/cc748900.aspx
if you have windows 2000\2003 there is nothing out of the box, so you need
to purchase third party application.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Domain Security in Active Directory 1
Active Directory env - Enterprise Administrators (EA) 1
active directory domain local groups 2
How to check users against security groups in Active Directory 2
Managing Active Directory with Access Book? 1
Auditing file changes does not works 1
Active Directory Security Auditing, any suggestions? 1
Active Directory Domain Security 6

Top