Educause Security Discussion mailing list archives
Re: Active Directory Auditing
From: Brad Judy <Brad.Judy () COLORADO EDU>
Date: Wed, 12 Dec 2007 14:52:27 -0700
This is one area where there are notable improvements in Windows Server 2008, so you might want to look at some of the docs and see if the new features will meet your needs. Naturally, you'll have to upgrade to Server 2008, but if it meets your needs it would be cheaper and less work (if you assume that you'll be performing the 2008 upgrade at some point anyway). Of course, if your need is more immediate, this might not be a good option. This link covers a lot of the changes: http://technet2.microsoft.com/windowsserver2008/en/library/a9c25483-89e2 -4202-881c-ea8e02b4b2a51033.mspx As noted, Tripwire Enterprise also has an AD/LDAP change monitoring module. It's good software, but might be overkill for your needs. Brad Judy IT Security Office University of Colorado at Boulder ________________________________ From: JASON LANGDOC [mailto:JLANGDOC () UT EDU] Sent: Wednesday, December 12, 2007 12:22 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Active Directory Auditing I am looking to set up auditing on my Active Directory. Would like to be able to produce a reports that give details on who made change to what OU or object and when they made the change. We are currently auditing this information with the Domain Controller security policy, but with the volume of security events logged to each DC it can be hard to track down the exact event we are looking for. I have found a few third party software packages for this such as Change Auditor and InTrust Plug-in for AD. Is anyone using third party software solutions for this and what was your opinion of them? Thanks, Jay Langdoc The University of Tampa Network Administrator jlangdoc () ut edu (813)258-7380
Current thread:
- Active Directory Auditing JASON LANGDOC (Dec 12)
- <Possible follow-ups>
- Re: Active Directory Auditing HALL, NATHANIEL D. (Dec 12)
- Re: Active Directory Auditing Brad Judy (Dec 12)