Auditing "Privileged" account logins
I am trying to see if there is a way to audit at the group or user level on a Windows 2000 domain. What I mean is, I have in the past set up auditing on our domain to capture successful and failed login attempts, but it was for all users. It becomes too much of a pain in the butt to administer. What I am looking to do is only audit a certain number of "privileged accounts", like the domain admin or the administrator account. Is this possible? Can I somehow only set up auditing on a user-by-user basis or group-by-group basis? Thanks
Re: Auditing "Privileged" account logins
Quote:
Originally posted here by Gixxer
I am trying to see if there is a way to audit at the group or user level on a Windows 2000 domain. What I mean is, I have in the past set up auditing on our domain to capture successful and failed login attempts, but it was for all users. It becomes too much of a pain in the butt to administer. What I am looking to do is only audit a certain number of "privileged accounts", like the domain admin or the administrator account. Is this possible? Can I somehow only set up auditing on a user-by-user basis or group-by-group basis? Thanks
You could always split the users up into different OUs.
So in your default domain user GPO you turn off all auditing, if you don't want to audit for everyone.
You create a general user OU, and then you also create a privileged user OU.
There would not be any GPO for the general user OU as you want the domain policy to apply for those users.
However, for the privileged user OU you would want to turn on auditing.
I, however, like the idea of using a 3rd party product to quickly go through your security logs. If you have the disk space to audit the actions of all users it can't hurt. It is pretty easy to parse through a CSV log file as well.
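The CSV parsing mentioned in the reply above, as an added example that is not part of the original thread: it filters a Security log exported to CSV down to logon events for a watch list of privileged accounts. The column order, the account names in the watch list, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re

# Assumed column order of the CSV export (not stated in the thread).
FIELDS = ["date", "time", "source", "type", "category",
          "event", "user", "computer", "description"]
# Windows 2000 logon event IDs: 528 = successful logon, 529 = failed logon
# (unknown user name or bad password), 540 = successful network logon.
LOGON_EVENTS = {"528", "529", "540"}
# Hypothetical watch list; replace with your own privileged accounts.
PRIVILEGED = {"administrator", "svc-backup"}
USER_NAME = re.compile(r"User Name:\s*(\S+)")


def account_of(row):
    """Return the lower-cased account an event refers to."""
    # Failed logons are recorded under SYSTEM in the User column, so the
    # "User Name:" value in the description takes precedence when present.
    match = USER_NAME.search(row["description"] or "")
    if match:
        return match.group(1).lower()
    return (row["user"] or "").rsplit("\\", 1)[-1].lower()


def privileged_logons(csv_text, watch=PRIVILEGED):
    """Return (date, time, event id, account, computer) for watched accounts."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text), fieldnames=FIELDS):
        if row["event"] in LOGON_EVENTS and account_of(row) in watch:
            hits.append((row["date"], row["time"], row["event"],
                         account_of(row), row["computer"]))
    return hits


# Constructed sample rows, not taken from a real log.
SAMPLE = '''\
3/14/2003,9:02:11 AM,Security,Success Audit,Logon/Logoff,528,CORP\\jsmith,DC01,"Successful Logon: User Name: jsmith Domain: CORP Logon Type: 2"
3/14/2003,9:05:40 AM,Security,Success Audit,Logon/Logoff,528,CORP\\Administrator,DC01,"Successful Logon: User Name: Administrator Domain: CORP Logon Type: 2"
3/14/2003,9:07:02 AM,Security,Failure Audit,Logon/Logoff,529,NT AUTHORITY\\SYSTEM,DC01,"Logon Failure: Reason: Unknown user name or bad password User Name: administrator Domain: CORP Logon Type: 3"
3/14/2003,9:10:15 AM,Security,Success Audit,Logon/Logoff,540,CORP\\svc-backup,FS02,""
3/14/2003,9:12:30 AM,Security,Success Audit,Logon/Logoff,538,CORP\\Administrator,DC01,"User Logoff: User Name: Administrator Domain: CORP"
'''

if __name__ == "__main__":
    for hit in privileged_logons(SAMPLE):
        print(*hit, sep="\t")
```

The failed logon in the third sample row is only caught because the account is read from the description; matching on the User column alone would miss it.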