Questions

Active Directory Change Auditing: Is It Important?

+
1 Votes
Locked

Active Directory Change Auditing: Is It Important?

Harold123
We recently began looking into third-party solutions for enhanced Active Directory change auditing, and given our lacking IT budget, I'm curious to know if you find this to be a primary necessity? For obvious reasons (mainly security and compliance), it's important to know what's going on within Active Directory, but I'm wondering if you're auditing changes, and if so, how you're doing it.
Thanks!
Harold
  • +
    1 Votes
    robo_dev

    If there are not all that many changes, then simply enable auditing and archive your logs....you can get most of what you need in the event logs.

    If there are lots of changes, and lots of administrators, then an AD tool would be very useful.

    +
    1 Votes
    cagjax

    While a tool is helpful, there are basic considerations you can do as well. Limiting the number of privileged accounts, who has access to what, limit service accounts and what they can do using group policies, require documentation and review. While those steps are not foolproof, they are a start in the right direction.

  • +
    1 Votes
    robo_dev

    If there are not all that many changes, then simply enable auditing and archive your logs....you can get most of what you need in the event logs.

    If there are lots of changes, and lots of administrators, then an AD tool would be very useful.

    +
    1 Votes
    cagjax

    While a tool is helpful, there are basic considerations you can do as well. Limiting the number of privileged accounts, who has access to what, limit service accounts and what they can do using group policies, require documentation and review. While those steps are not foolproof, they are a start in the right direction.