Hello to all Habr readers!
When you need to enable and configure Active Directory auditing, quick tips of any kind, preferably gathered in one place, are indispensable. I will try to create such a place here. Let me say up front that the material in this post (a one-page PDF document) can be downloaded and reused.
So, on to the subject.
First, a small checklist to verify that everything has been done.

How-to #1: Configure Audit Policy
Go to the Group Policy Management Console and edit the Default Domain Controllers Policy.
Then:
Computer Configuration > Policies > Security Settings > Local Policies > Audit Policy > Audit Account Management > Define > Success
Computer Configuration > Policies > Security Settings > Local Policies > User Rights Assignment > Manage auditing and security log > Define > Add User / Group (Default = Administrator)

How-to #2: Auditing AD Objects
Launch ADSIEdit from Administrative Tools > Domain > Properties (context menu) > Security tab > Advanced button > Auditing tab > Select “Everyone” > Edit button > Make sure the following items are disabled:
- Full Control, List Contents, Read all properties, Read permissions
> Select “Apply these auditing entries to objects and / or containers within this container only” > OK > OK > OK

How-to #3: Setting Up the Security Event Log
The following actions are carried out through the Group Policy Management Console (edit the Default Domain Controllers Policy).
> Computer Configuration > Policies > Security Settings > Local Policies > Event Log > Maximum security log size > Define > 130048 > OK
> Retain security log > Define > 14 * > OK
> Retention method for security log > Define > Overwrite events as needed
* Check available disk space
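
A read-only way to confirm on a domain controller that the three how-tos took effect. This is an added example, not part of the original post or its PDF; the function name Test-AdAuditSetup is hypothetical, and it assumes the ActiveDirectory RSAT module and an English-language OS (auditpol names are localized).

```powershell
# Added example (not from the original post): read-only check of How-to #1-#3.
# Run elevated on a domain controller. Assumes the ActiveDirectory RSAT module
# and an English-language OS. Test-AdAuditSetup is a hypothetical name.
function Test-AdAuditSetup {
    param([int]$ExpectedLogSizeKB = 130048)   # How-to #3 value; the policy is set in KB

    Import-Module ActiveDirectory -ErrorAction Stop
    Add-Type -AssemblyName System.DirectoryServices

    # How-to #1: Account Management subcategories that do not audit Success.
    # "auditpol /r" emits CSV; blank lines are dropped before parsing.
    $missing = auditpol /get /category:"Account Management" /r |
        Where-Object { $_.Trim() } | ConvertFrom-Csv |
        Where-Object { $_.'Inclusion Setting' -notmatch 'Success' } |
        ForEach-Object { $_.Subcategory }

    # How-to #2: auditing entries for Everyone (SID S-1-1-0) on the domain object
    # must not include the four rights the post says to leave unchecked.
    # Full Control (GenericAll) contains the three bits tested here.
    $noisy = [int][System.DirectoryServices.ActiveDirectoryRights]'ReadProperty, ListChildren, ReadControl'
    $sid   = [System.Security.Principal.SecurityIdentifier]
    $dn    = (Get-ADDomain).DistinguishedName
    $rules = @((Get-Acl -Path "AD:\$dn" -Audit).Audit |
        Where-Object { $_.IdentityReference.Translate($sid).Value -eq 'S-1-1-0' })
    $noisyRules = @($rules | Where-Object { [int]$_.ActiveDirectoryRights -band $noisy })

    # How-to #3: effective Security log size and retention mode, plus the
    # footnote about free space on the volume holding the log file.
    $log   = Get-WinEvent -ListLog Security
    $path  = [Environment]::ExpandEnvironmentVariables($log.LogFilePath)
    $drive = Get-PSDrive -Name $path.Substring(0, 1)

    [pscustomobject]@{
        SubcategoriesWithoutSuccess = $missing
        EveryoneAuditEntries        = $rules.Count
        EveryoneEntriesWithReads    = $noisyRules.Count
        LogSizeOk                   = $log.MaximumSizeInBytes -ge ($ExpectedLogSizeKB * 1KB)
        OverwriteAsNeeded           = $log.LogMode -eq 'Circular'   # Circular = overwrite as needed
        FreeSpaceCoversLog          = $drive.Free -gt $log.MaximumSizeInBytes
    }
}

Test-AdAuditSetup | Format-List
```

An empty SubcategoriesWithoutSuccess, a non-zero EveryoneAuditEntries with EveryoneEntriesWithReads at 0, and True for the three log checks match the settings described above.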

And finally, a small table with the codes of possible events.

Everything written above can be downloaded as a nicely formatted PDF via the link and consulted whenever needed. Download it and use it.