I'm appearantly way behind. WTF is MACS? -------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc.
> -----Original Message----- > From: Diane Ayers [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 28, 2003 10:56 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] > > > I was waiting for "BRO" and "SIS" to come along too after MOM and DAD. > Maybe they were to close to "BOB" and made someone nervous :-) > > Diane > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan > Sent: Tuesday, October 28, 2003 6:28 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] > > Shawn, > > Separate verification that what Gil is telling you is > correct. I've needed > to set up just the same to manage some issues with an Admin > that had rights > that he really shouldn't have, yet was mandated by management > that he have > them. The only way to convince management was to prove that > the problems > being caused were coming from the careless actions of the Admin. > > On another note, code name for MACS before the name was settled on - > DAD..... Meant to 'co-exist' with MOM, but Distributed > Auditing Device was > not a real Marketing win..... Not that I think Microsoft > Audit Collection > Server is all that much better... > > Rick Kingslan MCSE, MCSA, MCT > Microsoft MVP - Active Directory > Associate Expert > Expert Zone - www.microsoft.com/windowsxp/expertzone > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: Tuesday, October 28, 2003 4:16 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] > > File and Object auditing on the Sysvol and Policies directory > explicitly > should do the trick???...At least this would show who was > making changes. > At that point I can confront that person.. > > Sound correct? > > Thanks Gil > > > Shawn > > > -----Original Message----- > From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 28, 2003 5:12 PM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] > > You can set up auditing in AD on the GPOs themselves by > setting the SACLs... > The accesses will show up in the security audit log. You can > likewise set up > auditing on the SYSVOL to track changes on the files. Use > your favorite > event log collector (e.g., Microsoft's MACS, which is in Beta). > But translating the resulting mess of event log entries into something > meaningful will be a challenge. And you won't be able to tell > specifically > what was changed.... Just that it was changed. > > -gil > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: Tuesday, October 28, 2003 3:00 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] > > > Great, but anything built in to the OS? Anyway I can point a > finger at a > DBA that is poking is hands where they do not belong. Please > don't ask why > they have rights....aarrgghhh > > > Shawn > > > -----Original Message----- > From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 28, 2003 4:46 PM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] > > FullArmor FAZAM GPO Auditor... www.fullarmor.com > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: Tuesday, October 28, 2003 2:26 PM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] > > > I believe a GPO was modified by someone with the appropriate > 'rights', but > that person did not communicate changes were to be made and > now we see some > strange issues.... > > Issues are not the point of this question. Does anyone know > of a way to > determine who modified the GPO? > > Thanks in advance, > Shawn > > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > > List info : > http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > List info : > http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
