06, 2006 9:07 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD - What to monitor?
So, does Intrust do these things:
"OU creations/deletions/mods
Critical Security Group Modifications
GPO Creation/deletion/mods and Linking
Domain Administrator Logins and from where
Password chan
March 06, 2006 5:16 PM
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD - What to monitor?
Things I like to know about.
Administration Events
OU creations/deletions/mods
Critical Security Group Modifications
GPO Creation/deletion/mods and Linking
Domai
EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Adeel Ansari
Sent: Monday, March 06, 2006 9:01 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD - What to monitor?
AD Gurus,
Can you guys expand on the topic of what should be monitored in AD? and
Why?
I am talking in terms of Security
:01 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] AD - What to monitor?
You may want to start by looking at some commercial products and see what
functions they perform and what they monitor. NetPro's Change Auditor is
great, and the MOM AD MP (entire Technical Guide is avai
You may want to start by looking at some commercial products and see what functions they perform and what they monitor. NetPro's Change Auditor is great, and the MOM AD MP (entire Technical Guide is available) would be two nice starting points. If I remember correctly, NetPro also has an AD Health
AD Gurus,
Can you guys expand on the topic of what should be monitored in AD? and Why?
I am talking in terms of Security events only to protect AD and also protect
from attacks of any kind.
Obviously, one would monitor failed logon, too many accounts creations etc.
What else should we monitor?
R