#AD AUDIT PLUS AGENT FULL#
7ġ2 Grant the user Full control over the product installation folder Full control over the product installation folder is needed for ADAudit Plus to write in the database.
Repeat the above steps for every audited share. Select target computer Select share Right click Properties Security Edit Add the "ADAudit Plus" user Provide both Share and NTFS, Read permission. Login to any computer with Domain Admin privileges Open MMC console File Add/Remove Snap-in Select Shared Folders Add Another computer Add target computer b. Grant the user both Share and NTFS, Read permission on every audited share.
#AD AUDIT PLUS AGENT WINDOWS#
Repeat the above steps for every audited Windows file server/cluster. Select target computer Open Local Users and Groups Select Groups Right click on administrators Properties Add "ADAudit Plus" user. Login to any computer with Domain Admin privileges Open MMC console File Add/Remove Snap-in Select Local Users and Groups Add Another computer Add target computer b. 1ĩ 4.2 Grant the user Read permission on all audited shares There are two ways to grant the user Read permission on all the audited shares- Make the user a Member of the Local Adminsitrators group. Create a new domain level GPO: Open the Group Policy Management Console Right click on your domain Create a GPO in this domain and link it here Name the GPO as "ADAudit Plus Permission GPO" Remove Apply group policy permission for Authenticated Users group: Click on the "ADAudit Plus Permission GPO" Navigate to the right panel, click on the Delegation tab Advanced Click on Authenticated Users Remove the Apply group policy permission. 1.3 Create a new domain level GPO and link it to all the audited computers Since configuring permissions on individual computers is an elaborate process, a domain level GPO is created and applied on all monitored computers. Add all the audited computers as members of the "ADAudit Plus Permission Group": Right click on the "ADAudit Plus Permission Group" Properties Members Add all the Domain Controllers, Windows servers and workstations that you wish to audit. 1.2 Create a new group Open Active Directory Users and Computers Right click on your domain New Group Name the group as "ADAudit Plus Permission Group". New user, group, and GPO creation 1.1 Create a new user Open Active Directory Users and Computers Right click on your domain New User Name the user as "ADAudit Plus". If you do not want to provide Domain Admin credentials, follow the steps laid out in this guide to set-up the service account to have only the least privileges required for auditing your environment. Other privileges/permissions requiredģ Introduction ADAudit Plus instantly starts to audit activities upon providing Domain Admin credentials. Privileges/permissions required for file server auditing 4.1 Make the user a member of the Power Users group 4.2 Grant the user Read permission on all audited shares 4.3 Grant the user DCOM and WMI permissions 5.
Privileges/permissions required for automatic audit policy and object level auditing configuration 3.1 Make the user a member of the Group Policy Creator Owners group 3.2 Grant the user Group Management permissions 4. New user, group, and GPO creation Create a new user Create a new group Create a new domain level GPO and link it to all the audited computers Privileges/permissions required for event log collection Grant the user the Manage auditing and security log right Make the user a member of the Event Log Readers group 3 3.
1 ADAudit Plus Service Account ConfigurationĢ Table of Contents 1.
0 kommentar(er)
