ActiveDirSec.Org

The world's most trusted forum on Active Directory Security


Post Info TOPIC: Looking for a good auditing solution for Active Directory


Member

Posts: 10
Date: Jun 20, 2012
Looking for a good auditing solution for Active Directory
Permalink  
 


Hello,

We have a need to be acquire and roll out an auditing solution for Active Directory, so we can have the ability to have audit entries from all domain controllers in our forest collected and available for analysis.

This is primarily intended to provide us the ability to have insight into who performed what administrative tasks in our Active Directory. 

For example, if a delegated administrator were to reset a user's password on some domain controller in some domain, we'd like to be able to have the audit entry show up in our collective audit logs.

I'm sure many of you may have encountered this business need, so I thought of tapping into your collective insights for some help.

Thank you very much for your inputs.

Cheers,

Danny



__________________


Member

Posts: 21
Date: Jun 27, 2012
RE: Looking for a good auditing solution for Active Directory
Permalink  
 


Hi Danny,

A good auditing solution is definitely something one must have, along with a good Active Directory audit solution, which is of course essential.

You do have many options here ranging from Microsoft's Microsoft  Audit Collection Service (MACS) to various 3rd party solutions from vendors like Quest Software, Netwrix, BlackBird, ManageEngine and others. 

Let me know if you need some specific recommendations and I'll be happy to help.

Good luck.

Ishmael.



__________________

There isn't a system that cannot be broken into.



Member

Posts: 10
Date: Jan 17, 2013
RE: Looking for a good auditing solution for Active Directory
Permalink  
 


Hi Ishmael,

Yes, could you please share your recommendations on a good auditing solution that we could use for auditing password resets and other critical changes made in our Active Directory?

Thanks,

Danny.



__________________


Member

Posts: 21
Date: Jan 18, 2013
RE: Looking for a good auditing solution for Active Directory
Permalink  
 


Hi Danny,

I was going to recommend a specific Active Directory auditing tool, but since there are so many auditing tools out there these days, I think you can't go wrong with either of them, as they all are pretty much the same for the most part.

The one thing I will say though since you brought up a very important point i.e. password resets, is that one of the most valuable pieces of information you can have is to know who can reset the password of each of your administrative accounts, especially Domain Admins and Enterprise Admins.

The reason I say this is very important is because these days the risk of Active Directory privilege escalation, which involves the user of password resets to elevate privilege, is increasing dramatically, so you want to make sure that there are no loose holes left in the security of your Active Directory.

Fortunately, with the help of a password reset analysis tool, you can now figure this out easily.

Best wishes,

Ishmael. 



__________________

There isn't a system that cannot be broken into.

Page 1 of 1  sorted by
Quick Reply

Please log in to post quick replies.

Post to Digg Post to Del.icio.us
Members Login
Username 
 
Password 
    Remember Me