Forum

Ultimate Windows Security Forum » IT Audit » Active Directory » Auditing for account or group creation...

Auditing for account or group creation...

Rate Topic

Display Mode

Topic Options

Author

Message

SGupta

Posted 6/28/2010 9:31:57 AM

Forum Newbie

Group: Forum Members
Last Login: 6/28/2010 9:20:48 AM
Posts: 1, Visits: 0

How can a user or group access privilege escalation for account or group
creation can be audited and reported with the Windows 2003 active directory.

Even with all auditing enabled It only shows event id 566 as the only
significant event with little info as below. It doesn't display the user or
group being granted acccess for and/or access to

Accesses: WRITE_DAC

Properties:
WRITE_DAC

Also, in the Webnar "Top 10 Active Directory Changes to Monitor in the Security Log" it is mentioned in the slide for event 565 while it actual is event 566 as shown in the example as well.

Thanks
Sunil Gupta

Post #396

RandyFranklinSmith

Posted 7/8/2010 9:35:31 AM

Expert

Group: Administrators
Last Login: 4/20/2009 7:57:33 AM
Posts: 326, Visits: 0

Look at the account management events in my Security Log Encyclopedia

Post #411

« Prev Topic | Next Topic »

Permissions

All times are GMT -5:00, Time now is 9:19am

Upcoming Webinars

AD Audits: Top 7 Questions to Answer When Auditors Look at Account Management and Access Control in Active Directory

Additional Resources

Home

Forum

User name:
Password:
	/ Forgot?
	Register

Home

About | Contact

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2008 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.