Re: Active Directory Auditing

["HALL, NATHANIEL D." <halln () OTC EDU>]

I know Tripwire Enterprise will monitor AD objects and I know it will
tell you when it was changed, but I don't remember if it will tell you
who made the change.

 

--

Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA
Network Security System Administrator
OTC Computer Networking

(417) 447-7535

 

________________________________

From: JASON LANGDOC [mailto:JLANGDOC () UT EDU] 
Sent: Wednesday, December 12, 2007 2:22 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Active Directory Auditing

 

I am looking to set up auditing on my Active Directory.  Would like to
be able to produce a reports that give details on who made change to
what OU or object and when they made the change.  We are currently
auditing this information with the Domain Controller security policy,
but with the volume of security events logged to each DC it can be hard
to track down the exact event we are looking for.  I have found a few
third party software packages for this such as Change Auditor and
InTrust Plug-in for AD.  Is anyone using third party software solutions
for this and what was your opinion of them?

 

Thanks,

 

Jay Langdoc

The University of Tampa

Network Administrator

jlangdoc () ut edu

(813)258-7380