Re: Active Directory Auditing

[Brad Judy <Brad.Judy () COLORADO EDU>]

This is one area where there are notable improvements in Windows Server
2008, so you might want to look at some of the docs and see if the new
features will meet your needs.  Naturally, you'll have to upgrade to
Server 2008, but if it meets your needs it would be cheaper and less
work (if you assume that you'll be performing the 2008 upgrade at some
point anyway).  Of course, if your need is more immediate, this might
not be a good option.  
 
This link covers a lot of the changes:
 
http://technet2.microsoft.com/windowsserver2008/en/library/a9c25483-89e2
-4202-881c-ea8e02b4b2a51033.mspx
 
As noted, Tripwire Enterprise also has an AD/LDAP change monitoring
module.  It's good software, but might be overkill for your needs.  
 
Brad Judy
 
IT Security Office
University of Colorado at Boulder

________________________________

From: JASON LANGDOC [mailto:JLANGDOC () UT EDU] 
Sent: Wednesday, December 12, 2007 12:22 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Active Directory Auditing



I am looking to set up auditing on my Active Directory.  Would like to
be able to produce a reports that give details on who made change to
what OU or object and when they made the change.  We are currently
auditing this information with the Domain Controller security policy,
but with the volume of security events logged to each DC it can be hard
to track down the exact event we are looking for.  I have found a few
third party software packages for this such as Change Auditor and
InTrust Plug-in for AD.  Is anyone using third party software solutions
for this and what was your opinion of them?

 

Thanks,

 

Jay Langdoc

The University of Tampa

Network Administrator

jlangdoc () ut edu

(813)258-7380