Excellent. Thank you everyone for your advice! A lot of great ideas!
TH13 on your questions:
I don't think the organization has done that for it's servers - as it appears this change they want to make - not logging came out of the blue. A risk assessment does not appear to have been done. BTW - they want to turn off all logging of login attempts across all AD servers - again from that approach, I do not believe a risk assessment was done. A presumption I am making - based on the information I have right now is that IT is responding to the some pain - the pain of disk space being chewed up by logging - and are looking for a quick fix.Quote:
What are the requirements of the system?
What is your standard logging architecture?
What has your organization decided is an acceptable level of logging?
The problem that I have observed is that this IT organization has to do that a lot of the time, because IT is looked down upon or as seen as not critical to the organization - which is interesting considering the amount of revenue that passes through the systems each day. I agree, we need to start from the bottom up, not from the top down and not just react to a situation or crisis - we need to establish a proactive IT organization to help drive the business - this situation only highlights and underscores that need.
Thanks again for the information - once I am back in town - I will be approaching IT, along with my colleagues, on this matter.