Viewing an Object and Security Audit Logs

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

To Whom Can Help:

If an object is simply viewed in Active Directory, would that generate a
record in the security Audit Logs?
 
By default, no

You would need to configure success / failure auditing on your domain
controllers for directory service object access (success auditing is enabled
by default)
Then, you would need to configure a SACL on the objects you want to monitor,
none are configured by default because the audit logs will fill up quickly

To configure a SACL in AD Users and Computers --> View --> Advanced Features
Right click the object you want to monitor and go to properties. Click the
security tab and then Advanced. Click the auditing tab. You will now be
looking at the SACL of the object, configure who you want to monitor and what
you want logged to the security log when the read attributes.

Be very cautious doing this on many users as the audit logs will grow
extremely quickly.

Brian Delaney
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

User auditing 2
Detailed Listing of SACLs 2
Security Auditing 1
Locked workstation bad login attempts event log entries for? 1
Auditing problem 3
Effect of auditing SYSVOL directory? 1
Group policy auditing 1
Windows 2000 domain / Account logon auditing 1

Back
Top