Apoyo
 
Nosotros: + 1888 720 9500
Estados Unidos: +1888791 1189
Internacional: +1925924 9500
Aus: +1800 631268
Reino Unido: 0800 028 6590
CN: +86400660 8680

Marcación interna directa: +1 408 916 9892

 

Privilegios / permisos necesarios para la política de auditoría automática y la configuración de auditoría a nivel de objeto

1. Privilegios / permisos necesarios para la configuración de auditoría del controlador de dominio

Granting the service account the following privileges/permissions, allows ADAudit Plus to automatially configure the required audit policy and object level auditing settings in your environment. ADAudit Plus does this by pushing the required settings via GPO, to the group which contains all the monitored computers.

  • Log in to your Domain Controller with Domain Admin privileges → Open the Group Policy Management Console → click on Default Domain Controllers Policy → Navigate to the right panel, click on the Delegation tab → Add the ADAudit Plus User → Provide permission to Edit settings, delete, modify security.
  • active-directory-audit-group-policy-creatorsowners-group
2. Privileges/permissions required for member server, workstation, and file server auditing configuration
2.1 Make the user a member of the Group Policy Creator Owners group
  • Log in to your Domain Controller with Domain Admin privileges → Open Active Directory Users and Computers → Click on Users → Navigate to the right panel, right click on Group Polciy Creator Owners group → Add the "ADAudit Plus" user as a member.
  • active-directory-audit-group-policy-creatorsowners-group
2.2 Grant the user, group management permissions
  • Log in to your Domain Controller with Domain Admin privileges → Open Active Directory User and Computers.
  • Click on View and ensure that Advanced Features is enabled. This will display the advanced security settings for selected objects in Active Directory Users and Computers.

  • Right click on Users → Properties → Security → Advanced → Auditing → Add → In the Auditing Entry window, Select a principal: ADAudit Plus user → Type: Success → Applies to: This object and all descendant objects → Select permissions: Create group objects and Delete group objects.
  • Note: Use Clear all to remove all permissions and properties before selecting the mentioned permissions.

    active-directory-audit-grant-the-user-group-management-permissions
  • From the Active Directory User and Computers console → Right click on Users → Properties → Security → Advanced → Auditing → Add → In the Auditing Entry window → Select a principal: ADAudit Plus user → Type: Success → Applies to: Descendant group objects → Select property: Write members.
  • Note: Use Clear all to remove all permissions and properties before selecting the mentioned property.

    Grant the user, group management permissions

ADAudit Plus cuenta con la confianza de