Announcement

Collapse
No announcement yet.

AD - Monitoring Account Activities

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • AD - Monitoring Account Activities

    Hello!

    Our company's having some network analysis folks evaluate our network in general, and our executive team is asking for us to find a way to track what they do when they're logged onto our domain.

    Ideally we'd like to be able to know not only logon/logoff times, but also what servers they access and really to gather whatever data there is to gather on what happens with these accounts.

    I've looked at some Event Log options and a few paid applications, but no one method has seemed to go very far into what it is that we're really trying to do.

    So, thanks for looking and I look forward to hearing what you might have to say.

    Thanks!

  • #2
    Re: AD - Monitoring Account Activities

    Look at event auditing (via group policy)
    Account Logon Events - authenticate against DCs (log on to network)
    Logon Events - access network resources
    Also Object Access (files/folders) but this is resource intensive and requires enabling both at the GPO and at the object leve

    Lots of information on to get you going
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: AD - Monitoring Account Activities

      Hey, thanks for the reply!

      I've looked into some of those avenues, for sure, and what it makes me consider is how much time I might spend setting up the separate bits that would track what I'm looking for.

      I'd spend a dime or two for an application that could wrap it all up in one package.

      Wonder if something like that exists...

      Comment


      • #4
        Re: AD - Monitoring Account Activities

        Mainly AD auditing (I think) but you could check out:
        http://www.netwrix.com/
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment

        Working...
        X