Educause Security Discussion mailing list archives
Re: AD Security Audit Tools
From: "Marion, David" <David.Marion () BRIDGEW EDU>
Date: Thu, 1 Sep 2011 10:00:31 -0400
Philip, I've found some of the MS tools to be useful in automating auditing with some diff scripts like dsquery. I've also had a lot of success with dumpsec/dumpacl. I haven't used them in a while, but I remember them being very useful. I'm a huge fan of taking that baseline and comparing how things change over time. Best, Dave Marion Bridgewater State University -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Philip Webster Sent: Thursday, September 01, 2011 1:45 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] AD Security Audit Tools Hi, We're looking to perform an automated security review of our Active Directory installation, and in particular would like to identify good practices, compliance with standards and best practice, and anywhere that improvements are required or recommended. We are evaluating SekChek, Gold Finger, and Quest Reporter, and are interested in anyone's experience in these or other such tools. We're not looking at a monitoring or real-time auditing tool, but rather a point-in-time assessment. Thanks! -- Philip Webster Senior IT Advisor | Assurance and Risk Management Services Queensland University of Technology
Current thread:
- AD Security Audit Tools Philip Webster (Aug 31)
- Re: AD Security Audit Tools Dr. Wole Akpose (Sep 01)
- Re: AD Security Audit Tools Marion, David (Sep 01)