Viewing an Object and Security Audit Logs

Guest

To Whom Can Help:

If an object is simply viewed in Active Directory, would that generate a
record in the security Audit Logs?
 
Guest

By default, no.

You would need to configure success / failure auditing on your domain
controllers for directory service object access (success auditing is enabled
by default).
Then, you would need to configure a SACL on the objects you want to monitor;
none are configured by default because the audit logs will fill up quickly.

To configure a SACL, in AD Users and Computers go to View --> Advanced Features.
Right click the object you want to monitor and go to Properties. Click the
Security tab and then Advanced. Click the Auditing tab. You will now be
looking at the SACL of the object; configure who you want to monitor and what
you want logged to the security log when they read attributes.

Be very cautious doing this on many users as the audit logs will grow
extremely quickly.

Brian Delaney
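
A scripted equivalent of the GUI steps in the answer above, as an added example that is not part of the original thread: it checks the audit policy, adds a success-audit SACL entry for attribute reads on a single object, and reads back the resulting events. It assumes the ActiveDirectory PowerShell module on a domain controller running Windows Server 2008 or later (where these reads are logged as event 4662); the distinguished name and the `EXAMPLE\Helpdesk` group are placeholders.

```powershell
# Added example. Run elevated on a domain controller with the ActiveDirectory module.
Import-Module ActiveDirectory

# Placeholders (assumptions): replace with the object and principal you want to monitor.
$TargetDn  = 'CN=Sample User,OU=Staff,DC=example,DC=com'
$Principal = New-Object System.Security.Principal.NTAccount('EXAMPLE\Helpdesk')

# 1. Show whether directory service access auditing is enabled on this DC.
auditpol /get /subcategory:"Directory Service Access"

# 2. Read the object's security descriptor including its SACL (-Audit).
$Path = "AD:\$TargetDn"
$Acl  = Get-Acl -Path $Path -Audit

# 3. Audit successful ReadProperty by the chosen principal on this object only.
#    Inheritance 'None' keeps the entry off child objects, which limits log volume.
$Rule = New-Object System.DirectoryServices.ActiveDirectoryAuditRule(
    $Principal,
    [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty,
    [System.Security.AccessControl.AuditFlags]::Success,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None)
$Acl.AddAuditRule($Rule)
Set-Acl -Path $Path -AclObject $Acl

# 4. Confirm the SACL entry is present.
(Get-Acl -Path $Path -Audit).Audit |
    Where-Object { $_.IdentityReference -eq $Principal } |
    Format-List IdentityReference, ActiveDirectoryRights, AuditFlags, InheritanceType

# 5. After someone views the object, list recent 4662 events that mention it.
#    The event records the object by name or GUID, so match on both.
$Guid = (Get-ADObject -Identity $TargetDn).ObjectGUID.ToString()
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4662 } -MaxEvents 500 |
    Where-Object { $_.Message -match [regex]::Escape($Guid) -or
                   $_.Message -match [regex]::Escape($TargetDn) } |
    Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } }
```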
 
