Audting Changes to Active Directory Security groups.

  • Thread starter Thread starter Venkatesh
  • Start date Start date
V

Venkatesh

Hello there,

We wish to monitor changes to privilege active directory security groups. In
order to accomplish this, following auditing has been turned on:

Account Management Events
Audit directory service access

We now receive alerts for every security group that is modified. In reality,
we have like 50 security groups we consider as “privilege†(they are applied
on to critical resources). We wish to receive alerts in Event viewer for
these select 50 security groups and monitor their changes. Please let us know
how to accomplish this. Thank you in advance for your support.

V
 
Hi,

Before you decide to log events, i suggest to use "Restricted groups":
Link1: http://technet.microsoft.com/en-us/library/cc785631(WS.10).aspx
Link2: http://www.windowsecurity.com/articles/Using-Restricted-Groups.html

In addition, you did not specified your OS version.
If you have windows 2008 then use the "attach task to event" feature:
http://technet.microsoft.com/en-us/library/cc748900.aspx
if you have windows 2000\2003 there is nothing out of the box, so you need
to purchase third party application.
 
Back
Top