active directory: additional auditing

additional auditing can be enabled on the domain controllers by going to:
local security policy->advanced audit policy->account management

then enabling
audit user account management (for successes)
audit security group management (for successes)

these events will be listed in the windows security log

source:
http://whatevernetworks.com/?p=21

update 12/6/2013:
some other useful audit policies to enable on domain controllers are:
kerberos authentication services – success/failure
account lockout – success
logoff – success
logon – success/failure
special logon – success

these will have to be set on each domain controller unless they are set on the Default Domain Controllers Policy.
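
The settings listed above can also be applied and checked from the command line with `auditpol`. The script below is an added example, not part of the original post; it assumes an elevated PowerShell prompt on the domain controller and the English subcategory names.

```powershell
# added example: run from an elevated PowerShell prompt on a domain controller.
# keys are the English auditpol subcategory names (assumption: English-language OS).
$desired = [ordered]@{
    'User Account Management'         = 'Success'
    'Security Group Management'       = 'Success'
    'Kerberos Authentication Service' = 'Success and Failure'
    'Account Lockout'                 = 'Success'
    'Logoff'                          = 'Success'
    'Logon'                           = 'Success and Failure'
    'Special Logon'                   = 'Success'
}

# enable only what the post lists; an existing setting is never switched off
foreach ($name in $desired.Keys) {
    $flags = @()
    if ($desired[$name] -match 'Success') { $flags += '/success:enable' }
    if ($desired[$name] -match 'Failure') { $flags += '/failure:enable' }
    auditpol /set /subcategory:"$name" @flags | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "auditpol /set failed for '$name'" }
}

# read back the effective policy as CSV (/r) and compare it with the wanted state
$effective = auditpol /get /category:* /r | Where-Object { $_ } | ConvertFrom-Csv
$report = foreach ($name in $desired.Keys) {
    $row     = $effective | Where-Object { "$($_.Subcategory)".Trim() -eq $name }
    $actual  = if ($row) { $row.'Inclusion Setting' } else { 'not found' }
    # each wanted outcome (Success, Failure) must appear in the effective setting
    $missing = $desired[$name] -split ' and ' | Where-Object { $actual -notmatch $_ }
    [pscustomobject]@{
        Subcategory = $name
        Wanted      = $desired[$name]
        Effective   = $actual
        Compliant   = -not $missing
    }
}
$report | Format-Table -AutoSize
```

`auditpol /set` changes only the local machine, so it has to be run on each domain controller, and a group policy that defines advanced audit settings for the domain controllers will replace these values at the next policy refresh.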

This entry was written by resinblade, posted on Tuesday January 22 2013 at 06:01 pm, filed under IT.