SlideShare ist ein Scribd-Unternehmen logo

Change Monitoring of Active Directory

Als PPTX, PDF herunterladen
Zoho Corporation
Zoho Corporation

Derek Melber, Technical Evangelist for the AD Solutions team at ManageEngine and one of only 12 Microsoft Group Policy MVPs in the world, from his extensive knowledge in the Windows Active Directory security domain showcases the benefits of Active Directory Change Monitoring and the answers the “WHY” to do it. Know the differences between traditional Windows auditing and ManageEngine ADAudit Plus auditing and reporting capabilities.

Technologie
1 von 35
Click to edit Master title style Change Monitoring of Active Directory
2 • Derek Melber, MCSE & MVP (Group Policy and AD) • derek@manageengine.com • Online Resources • ManageEngine “Active Directory” Blog • Group Policy Resource Kit – MSPress • Windows Security Audit Package Consulting • Active Directory/Windows Audit Program • Training for efficient auditing • Administration Consultant • Active Directory and Server Design/Security • Active Directory and Group Policy Design About Your Speaker
3 • What is Change Monitoring of Active Directory? • Auditing to Track Active Directory Changes • Advanced Auditing to Track Active Directory Changes • Security Log in Event Viewer • Traditional Monitoring and Auditing of Active Directory • True Continuous Monitoring and Auditing of Active Directory • ADAudit Plus Reporting and Alerting Agenda
4 • Tracking all changes that occur to objects in Active Directory • Users • Groups • Computers • Group Policy • Password Policy • Etc. What is Change Monitoring of Active Directory?
5 • Tracking all details regarding changes to objects in Active Directory • Who made the change • Which object was changed • When the change was made • What the new setting is • What the old setting was What is Change Monitoring of Active Directory?
6 • Each domain controller must have auditing enabled • Enabled Auditing of AD through Group Policy • Configure the Default Domain Controllers policy OR create new GPO and link to Domain Controllers OU • Auditing is located at: Computer ConfigurationPoliciesWindows SettingsSecurity SettingsLocal PoliciesAudit Policy Auditing to Track Active Directory Changes
7 Auditing to Track Active Directory Changes
8 • Success – Tracks successful changes to AD • Failure – Tracks denials to change AD Auditing to Track Active Directory Changes
9 • Audited events are stored in Event Viewer • Tracked changes are stored in Security Log on DC where event occurred • Each DC has a unique Security Log • In order to view all events, must view each DC or consolidate logs • Some events generated by Auditing directory service access • Some events generated by Auditing Account Management Auditing to Track Active Directory Changes
10 • Secret! • Enable Auditing directory service access • Configure Auditing tab after clicking Security tab of object Properties • Must select “each property” you want to track! Auditing to Track Active Directory Changes
11 • Don’t forget all areas • Users • Groups • Computers • Schema • Group Policy • GPC • GPT Auditing to Track Active Directory Changes
12 • Expanded auditing for troubleshooting, auditors and security professionals • Provides details for most compliance mandates • cce.mitre.org • Matches with Security Compliance Manager (SCM) • Still reports audited events to Security Log Advanced Auditing to Track AD Changes
13 Advanced Auditing to Track AD Changes
14 • System • Logon/logoff • Object access • Detailed tracking • Policy change • User account management • DS access • Account logon • Privilege use Advanced Auditing to Track AD Changes
15 Advanced Auditing to Track AD Changes DS Access–Directory Service Changes Reports changes to objects in Active Directory Domain Services (AD DS). The types of changes that are reported are create, modify, move, and undelete operations that are performed on an object. DS Change auditing, where appropriate, indicates the old and new values of the changed properties of the objects that were changed. DS Access–Directory Service Replication Reports when replication between two domain controllers begins and ends. DS Access–Detailed Directory Service Replication Reports detailed information about the information replicating between domain controllers. These events can be very high in volume. DS Access–Directory Service Access Reports when an AD DS object is accessed. Only objects with SACLs cause audit events to be generated, and only when they are accessed in a manner that matches their SACL. These events are similar to the directory service access events in previous versions of Windows Server.
16 • Local GPO on Windows 2008 R2 and 7 • Computer ConfigurationWindows SettingsSecurity SettingsAdvanced Audit Policy ConfigurationSystem Audit Policy –Group Policy Object • AD GPO in GPMC (2008 R2 and 7) • Computer ConfigurationPoliciesWindows SettingsSecurity SettingsAdvanced Audit Policy ConfigurationSystem Audit Policy – Local Group Policy Object Advanced Auditing to Track AD Changes
17 • Compatibility Issues • Legacy Audit Policy • New Advanced Auditing • If legacy Audit Policy exists… it will win over new Advanced Auditing... unless • Computer ConfigurationPoliciesWindows SettingsSecurity SettingsLocal PoliciesSecurity Options • “Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings” is configured Advanced Auditing to Track AD Changes
18 • Can override default behavior… • Computer ConfigurationPoliciesWindows SettingsSecurity SettingsLocal PoliciesSecurity Options • “Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings” • Enabled: will ignore legacy setting • Disabled: will use default behavior Advanced Auditing to Track AD Changes
19 Security Log in Event Viewer Maximum Log size: 4GB Microsoft Recommended: 300MB
20 •Manage Auditing and security log User Right • Configure auditing on files, folders, Registry, etc. • View audited events in Security Log • Can view and clear Security Log • Save Security Log Security Log in Event Viewer
21 •Event IDs • Older versions – 3 digit IDs • Newer versions – 4 digit IDs • www.eventid.net • Microsoft KB 947226 (Vista and Server 2008) • Microsoft KB 977519 (7 and Server 2008 R2) Security Log in Event Viewer
22 • Create Custom View of “many logs” or “many sources” into “one log” • 2008 Domain Controllers • Administrative Events • Server Roles • Active Directory Domain Services • DHCP Server • DNS Server • File Server • Network Policy and Access Services • Web Server Security Log in Event Viewer
23 • Custom View Options • Filter by log • Logged (Date/Time ranges) • Event level (type of log) • View options • By log(s) • By source(s) • Task category • Keywords Security Log in Event Viewer
24 • After Custom View is created… • Filter can be added to the view • Task can be attached to view • View can be exported • View can be copied Security Log in Event Viewer
25 • Backing up Security Log • Automatically back up logs • Computer ConfigurationPoliciesAdministrative TemplatesWindows ComponentsEvent Log ServiceSecurity • Also configure Log file path Security Log in Event Viewer
26 • Security Logs size too small • Interface does not provide for reporting • Events are hard to decrypt and not easy to analyze • Events are logged on DC where event occurs… multiple logs • Alerting is not detailed enough Issues with Event Viewer
27 • Typically done one time a year • Information is gathered on servers/DCs • Information is for a single point in time • Changes can be made directly before and anytime after information is gathered Standard Auditing/Monitoring of AD
28 Standard Auditing/Monitoring of AD
29 Continuous Auditing/Monitoring of AD
30 True Continuous Monitoring of AD
31 • Reporting • Over 125 default reports • Over 10 default report areas • Users • Groups • Passwords • Logons • …more ADAudit Plus Reporting
32 • Custom Reporting • Track service account activity • Track Administrator activity • Track administrative activity • Track modifications to Group Policy ADAudit Plus Custom Reporting
33 • Alerting • Allows for an email to be sent immediately when a key change is made • Track service account activity • Track Administrator activity • Track administrative activity • Track modifications to Group Policy ADAudit Plus Alerting
34 • What is Change Monitoring of Active Directory? • Auditing to Track Active Directory Changes • Advanced Auditing to Track Active Directory Changes • Security Log in Event Viewer • ADAudit Plus Reporting and Alerting Summary
Click to edit Master title style Questions? Our gift to you… the link to download the tools! http://www.manageengine.com/products/active-directory-audit/ Thank you!

Empfohlen

Controlling Delegation of Windows Servers and Active Directory
Controlling Delegation of Windows Servers and Active DirectoryControlling Delegation of Windows Servers and Active Directory
Controlling Delegation of Windows Servers and Active DirectoryZoho Corporation
 
Active Directory security and compliance: Comprehensive reporting for key sec...
Active Directory security and compliance: Comprehensive reporting for key sec...Active Directory security and compliance: Comprehensive reporting for key sec...
Active Directory security and compliance: Comprehensive reporting for key sec...Zoho Corporation
 
Protecting Windows Passwords and Preventing Windows Computer / Password Attacks
Protecting Windows Passwords and Preventing Windows Computer / Password AttacksProtecting Windows Passwords and Preventing Windows Computer / Password Attacks
Protecting Windows Passwords and Preventing Windows Computer / Password AttacksZoho Corporation
 
Decrypting the security mystery with SIEM (Part 1) ​
Decrypting the security mystery with SIEM (Part 1) ​Decrypting the security mystery with SIEM (Part 1) ​
Decrypting the security mystery with SIEM (Part 1) ​Zoho Corporation
 
7 tips to simplify Active Directory Management ​
7 tips to simplify Active Directory Management ​7 tips to simplify Active Directory Management ​
7 tips to simplify Active Directory Management ​Zoho Corporation
 
Overcoming the challenges of Office 365 user management in hybrid environments​
Overcoming the challenges of Office 365 user management in hybrid environments​Overcoming the challenges of Office 365 user management in hybrid environments​
Overcoming the challenges of Office 365 user management in hybrid environments​Zoho Corporation
 
Self-service password management and single sign-on for on-premises AD and cl...
Self-service password management and single sign-on for on-premises AD and cl...Self-service password management and single sign-on for on-premises AD and cl...
Self-service password management and single sign-on for on-premises AD and cl...Zoho Corporation
 
Geek Sync | Handling HIPAA Compliance with Your Data Access
Geek Sync | Handling HIPAA Compliance with Your Data AccessGeek Sync | Handling HIPAA Compliance with Your Data Access
Geek Sync | Handling HIPAA Compliance with Your Data AccessIDERA Software
 

Empfohlen

Controlling Delegation of Windows Servers and Active Directory
Controlling Delegation of Windows Servers and Active DirectoryControlling Delegation of Windows Servers and Active Directory
Controlling Delegation of Windows Servers and Active DirectoryZoho Corporation
 
Active Directory security and compliance: Comprehensive reporting for key sec...
Active Directory security and compliance: Comprehensive reporting for key sec...Active Directory security and compliance: Comprehensive reporting for key sec...
Active Directory security and compliance: Comprehensive reporting for key sec...Zoho Corporation
 
Protecting Windows Passwords and Preventing Windows Computer / Password Attacks
Protecting Windows Passwords and Preventing Windows Computer / Password AttacksProtecting Windows Passwords and Preventing Windows Computer / Password Attacks
Protecting Windows Passwords and Preventing Windows Computer / Password AttacksZoho Corporation
 
Decrypting the security mystery with SIEM (Part 1) ​
Decrypting the security mystery with SIEM (Part 1) ​Decrypting the security mystery with SIEM (Part 1) ​
Decrypting the security mystery with SIEM (Part 1) ​Zoho Corporation
 
7 tips to simplify Active Directory Management ​
7 tips to simplify Active Directory Management ​7 tips to simplify Active Directory Management ​
7 tips to simplify Active Directory Management ​Zoho Corporation
 
Overcoming the challenges of Office 365 user management in hybrid environments​
Overcoming the challenges of Office 365 user management in hybrid environments​Overcoming the challenges of Office 365 user management in hybrid environments​
Overcoming the challenges of Office 365 user management in hybrid environments​Zoho Corporation
 
Self-service password management and single sign-on for on-premises AD and cl...
Self-service password management and single sign-on for on-premises AD and cl...Self-service password management and single sign-on for on-premises AD and cl...
Self-service password management and single sign-on for on-premises AD and cl...Zoho Corporation
 
Geek Sync | Handling HIPAA Compliance with Your Data Access
Geek Sync | Handling HIPAA Compliance with Your Data AccessGeek Sync | Handling HIPAA Compliance with Your Data Access
Geek Sync | Handling HIPAA Compliance with Your Data AccessIDERA Software
 
10 ways to trigger runbooks from Orchestrator
10 ways to trigger runbooks from Orchestrator10 ways to trigger runbooks from Orchestrator
10 ways to trigger runbooks from OrchestratorFredrik Knalstad
 
Azure SQL DB V12 at your service by Pieter Vanhove
Azure SQL DB V12 at your service by Pieter VanhoveAzure SQL DB V12 at your service by Pieter Vanhove
Azure SQL DB V12 at your service by Pieter VanhoveITProceed
 
Logic app x microsoft flow
Logic app x microsoft flowLogic app x microsoft flow
Logic app x microsoft flowWagner Silveira
 
[WSO2Con EU 2017] Open Interoperability of WSO2 Analytics Platform
[WSO2Con EU 2017] Open Interoperability of WSO2 Analytics Platform[WSO2Con EU 2017] Open Interoperability of WSO2 Analytics Platform
[WSO2Con EU 2017] Open Interoperability of WSO2 Analytics PlatformWSO2
 
System center 2012 service manager
System center 2012 service managerSystem center 2012 service manager
System center 2012 service managerMehdi Rahimi
 
[WSO2Con EU 2017] WSO2 Unleashed: Full Stack Automation, Pitfalls and Solutions
[WSO2Con EU 2017] WSO2 Unleashed: Full Stack Automation, Pitfalls and Solutions[WSO2Con EU 2017] WSO2 Unleashed: Full Stack Automation, Pitfalls and Solutions
[WSO2Con EU 2017] WSO2 Unleashed: Full Stack Automation, Pitfalls and SolutionsWSO2
 
The Future of integrated Identity and Access Management
The Future of integrated Identity and Access ManagementThe Future of integrated Identity and Access Management
The Future of integrated Identity and Access ManagementZoho Corporation
 
Tokyo azure meetup #8 - Azure Update, August
Tokyo azure meetup #8 - Azure Update, AugustTokyo azure meetup #8 - Azure Update, August
Tokyo azure meetup #8 - Azure Update, AugustKanio Dimitrov
 
Addressing Security Concerns with WSO2 Governance Registry Policy Store
Addressing Security Concerns with WSO2 Governance Registry Policy StoreAddressing Security Concerns with WSO2 Governance Registry Policy Store
Addressing Security Concerns with WSO2 Governance Registry Policy StoreWSO2
 
Dynamics 365 - Admin Tips & Tricks
Dynamics 365 - Admin Tips & TricksDynamics 365 - Admin Tips & Tricks
Dynamics 365 - Admin Tips & TricksSam Fernando
 
[WSO2Con EU 2017] Streaming Analytics Patterns for Your Digital Enterprise
[WSO2Con EU 2017] Streaming Analytics Patterns for Your Digital Enterprise[WSO2Con EU 2017] Streaming Analytics Patterns for Your Digital Enterprise
[WSO2Con EU 2017] Streaming Analytics Patterns for Your Digital EnterpriseWSO2
 
Globus High Assurance for Protected Data (GlobusWorld Tour - Columbia Univers...
Globus High Assurance for Protected Data (GlobusWorld Tour - Columbia Univers...Globus High Assurance for Protected Data (GlobusWorld Tour - Columbia Univers...
Globus High Assurance for Protected Data (GlobusWorld Tour - Columbia Univers...Globus
 
Microsoft Azure and Windows Application monitoring
Microsoft Azure and Windows Application monitoringMicrosoft Azure and Windows Application monitoring
Microsoft Azure and Windows Application monitoringSite24x7
 
Data Architecture not Just for Microservices
Data Architecture not Just for MicroservicesData Architecture not Just for Microservices
Data Architecture not Just for MicroservicesEberhard Wolff
 
MCSA 70-412 Chapter 08
MCSA 70-412 Chapter 08MCSA 70-412 Chapter 08
MCSA 70-412 Chapter 08Computer Networking
 
DDD and CQRS for .NET Developers
DDD and CQRS for .NET DevelopersDDD and CQRS for .NET Developers
DDD and CQRS for .NET DevelopersAllan Mangune
 
WSO2Con USA 2017: Building a Secure Enterprise
WSO2Con USA 2017: Building a Secure EnterpriseWSO2Con USA 2017: Building a Secure Enterprise
WSO2Con USA 2017: Building a Secure EnterpriseWSO2
 
Maximizing Your Rundeck Migration
Maximizing Your Rundeck Migration Maximizing Your Rundeck Migration
Maximizing Your Rundeck Migration Rundeck
 
Troubleshooting and Best Practices with WSO2 Enterprise Integrator
Troubleshooting and Best Practices with WSO2 Enterprise IntegratorTroubleshooting and Best Practices with WSO2 Enterprise Integrator
Troubleshooting and Best Practices with WSO2 Enterprise IntegratorWSO2
 
Monitoring and Reporting for IBM i Compliance and Security
Monitoring and Reporting for IBM i Compliance and SecurityMonitoring and Reporting for IBM i Compliance and Security
Monitoring and Reporting for IBM i Compliance and SecurityPrecisely
 
Ad words audit mistakes report
Ad words audit mistakes reportAd words audit mistakes report
Ad words audit mistakes reportDigital Scientists
 
Der Tagesumsatzbericht der RHC "Daily"
Der Tagesumsatzbericht der RHC "Daily"Der Tagesumsatzbericht der RHC "Daily"
Der Tagesumsatzbericht der RHC "Daily"RHC Real Hotel Controlling GmbH
 

Weitere ähnliche Inhalte

Was ist angesagt?

10 ways to trigger runbooks from Orchestrator
10 ways to trigger runbooks from Orchestrator10 ways to trigger runbooks from Orchestrator
10 ways to trigger runbooks from OrchestratorFredrik Knalstad
 
Azure SQL DB V12 at your service by Pieter Vanhove
Azure SQL DB V12 at your service by Pieter VanhoveAzure SQL DB V12 at your service by Pieter Vanhove
Azure SQL DB V12 at your service by Pieter VanhoveITProceed
 
Logic app x microsoft flow
Logic app x microsoft flowLogic app x microsoft flow
Logic app x microsoft flowWagner Silveira
 
[WSO2Con EU 2017] Open Interoperability of WSO2 Analytics Platform
[WSO2Con EU 2017] Open Interoperability of WSO2 Analytics Platform[WSO2Con EU 2017] Open Interoperability of WSO2 Analytics Platform
[WSO2Con EU 2017] Open Interoperability of WSO2 Analytics PlatformWSO2
 
System center 2012 service manager
System center 2012 service managerSystem center 2012 service manager
System center 2012 service managerMehdi Rahimi
 
[WSO2Con EU 2017] WSO2 Unleashed: Full Stack Automation, Pitfalls and Solutions
[WSO2Con EU 2017] WSO2 Unleashed: Full Stack Automation, Pitfalls and Solutions[WSO2Con EU 2017] WSO2 Unleashed: Full Stack Automation, Pitfalls and Solutions
[WSO2Con EU 2017] WSO2 Unleashed: Full Stack Automation, Pitfalls and SolutionsWSO2
 
The Future of integrated Identity and Access Management
The Future of integrated Identity and Access ManagementThe Future of integrated Identity and Access Management
The Future of integrated Identity and Access ManagementZoho Corporation
 
Tokyo azure meetup #8 - Azure Update, August
Tokyo azure meetup #8 - Azure Update, AugustTokyo azure meetup #8 - Azure Update, August
Tokyo azure meetup #8 - Azure Update, AugustKanio Dimitrov
 
Addressing Security Concerns with WSO2 Governance Registry Policy Store
Addressing Security Concerns with WSO2 Governance Registry Policy StoreAddressing Security Concerns with WSO2 Governance Registry Policy Store
Addressing Security Concerns with WSO2 Governance Registry Policy StoreWSO2
 
Dynamics 365 - Admin Tips & Tricks
Dynamics 365 - Admin Tips & TricksDynamics 365 - Admin Tips & Tricks
Dynamics 365 - Admin Tips & TricksSam Fernando
 
[WSO2Con EU 2017] Streaming Analytics Patterns for Your Digital Enterprise
[WSO2Con EU 2017] Streaming Analytics Patterns for Your Digital Enterprise[WSO2Con EU 2017] Streaming Analytics Patterns for Your Digital Enterprise
[WSO2Con EU 2017] Streaming Analytics Patterns for Your Digital EnterpriseWSO2
 
Globus High Assurance for Protected Data (GlobusWorld Tour - Columbia Univers...
Globus High Assurance for Protected Data (GlobusWorld Tour - Columbia Univers...Globus High Assurance for Protected Data (GlobusWorld Tour - Columbia Univers...
Globus High Assurance for Protected Data (GlobusWorld Tour - Columbia Univers...Globus
 
Microsoft Azure and Windows Application monitoring
Microsoft Azure and Windows Application monitoringMicrosoft Azure and Windows Application monitoring
Microsoft Azure and Windows Application monitoringSite24x7
 
Data Architecture not Just for Microservices
Data Architecture not Just for MicroservicesData Architecture not Just for Microservices
Data Architecture not Just for MicroservicesEberhard Wolff
 
DDD and CQRS for .NET Developers
DDD and CQRS for .NET DevelopersDDD and CQRS for .NET Developers
DDD and CQRS for .NET DevelopersAllan Mangune
 
WSO2Con USA 2017: Building a Secure Enterprise
WSO2Con USA 2017: Building a Secure EnterpriseWSO2Con USA 2017: Building a Secure Enterprise
WSO2Con USA 2017: Building a Secure EnterpriseWSO2
 
Maximizing Your Rundeck Migration
Maximizing Your Rundeck Migration Maximizing Your Rundeck Migration
Maximizing Your Rundeck Migration Rundeck
 
Troubleshooting and Best Practices with WSO2 Enterprise Integrator
Troubleshooting and Best Practices with WSO2 Enterprise IntegratorTroubleshooting and Best Practices with WSO2 Enterprise Integrator
Troubleshooting and Best Practices with WSO2 Enterprise IntegratorWSO2
 
Monitoring and Reporting for IBM i Compliance and Security
Monitoring and Reporting for IBM i Compliance and SecurityMonitoring and Reporting for IBM i Compliance and Security
Monitoring and Reporting for IBM i Compliance and SecurityPrecisely
 

Was ist angesagt? (20)

10 ways to trigger runbooks from Orchestrator
10 ways to trigger runbooks from Orchestrator10 ways to trigger runbooks from Orchestrator
10 ways to trigger runbooks from Orchestrator
 
Azure SQL DB V12 at your service by Pieter Vanhove
Azure SQL DB V12 at your service by Pieter VanhoveAzure SQL DB V12 at your service by Pieter Vanhove
Azure SQL DB V12 at your service by Pieter Vanhove
 
Logic app x microsoft flow
Logic app x microsoft flowLogic app x microsoft flow
Logic app x microsoft flow
 
[WSO2Con EU 2017] Open Interoperability of WSO2 Analytics Platform
[WSO2Con EU 2017] Open Interoperability of WSO2 Analytics Platform[WSO2Con EU 2017] Open Interoperability of WSO2 Analytics Platform
[WSO2Con EU 2017] Open Interoperability of WSO2 Analytics Platform
 
System center 2012 service manager
System center 2012 service managerSystem center 2012 service manager
System center 2012 service manager
 
[WSO2Con EU 2017] WSO2 Unleashed: Full Stack Automation, Pitfalls and Solutions
[WSO2Con EU 2017] WSO2 Unleashed: Full Stack Automation, Pitfalls and Solutions[WSO2Con EU 2017] WSO2 Unleashed: Full Stack Automation, Pitfalls and Solutions
[WSO2Con EU 2017] WSO2 Unleashed: Full Stack Automation, Pitfalls and Solutions
 
The Future of integrated Identity and Access Management
The Future of integrated Identity and Access ManagementThe Future of integrated Identity and Access Management
The Future of integrated Identity and Access Management
 
Tokyo azure meetup #8 - Azure Update, August
Tokyo azure meetup #8 - Azure Update, AugustTokyo azure meetup #8 - Azure Update, August
Tokyo azure meetup #8 - Azure Update, August
 
Addressing Security Concerns with WSO2 Governance Registry Policy Store
Addressing Security Concerns with WSO2 Governance Registry Policy StoreAddressing Security Concerns with WSO2 Governance Registry Policy Store
Addressing Security Concerns with WSO2 Governance Registry Policy Store
 
Dynamics 365 - Admin Tips & Tricks
Dynamics 365 - Admin Tips & TricksDynamics 365 - Admin Tips & Tricks
Dynamics 365 - Admin Tips & Tricks
 
[WSO2Con EU 2017] Streaming Analytics Patterns for Your Digital Enterprise
[WSO2Con EU 2017] Streaming Analytics Patterns for Your Digital Enterprise[WSO2Con EU 2017] Streaming Analytics Patterns for Your Digital Enterprise
[WSO2Con EU 2017] Streaming Analytics Patterns for Your Digital Enterprise
 
Globus High Assurance for Protected Data (GlobusWorld Tour - Columbia Univers...
Globus High Assurance for Protected Data (GlobusWorld Tour - Columbia Univers...Globus High Assurance for Protected Data (GlobusWorld Tour - Columbia Univers...
Globus High Assurance for Protected Data (GlobusWorld Tour - Columbia Univers...
 
Microsoft Azure and Windows Application monitoring
Microsoft Azure and Windows Application monitoringMicrosoft Azure and Windows Application monitoring
Microsoft Azure and Windows Application monitoring
 
Data Architecture not Just for Microservices
Data Architecture not Just for MicroservicesData Architecture not Just for Microservices
Data Architecture not Just for Microservices
 
MCSA 70-412 Chapter 08
MCSA 70-412 Chapter 08MCSA 70-412 Chapter 08
MCSA 70-412 Chapter 08
 
DDD and CQRS for .NET Developers
DDD and CQRS for .NET DevelopersDDD and CQRS for .NET Developers
DDD and CQRS for .NET Developers
 
WSO2Con USA 2017: Building a Secure Enterprise
WSO2Con USA 2017: Building a Secure EnterpriseWSO2Con USA 2017: Building a Secure Enterprise
WSO2Con USA 2017: Building a Secure Enterprise
 
Maximizing Your Rundeck Migration
Maximizing Your Rundeck Migration Maximizing Your Rundeck Migration
Maximizing Your Rundeck Migration
 
Troubleshooting and Best Practices with WSO2 Enterprise Integrator
Troubleshooting and Best Practices with WSO2 Enterprise IntegratorTroubleshooting and Best Practices with WSO2 Enterprise Integrator
Troubleshooting and Best Practices with WSO2 Enterprise Integrator
 
Monitoring and Reporting for IBM i Compliance and Security
Monitoring and Reporting for IBM i Compliance and SecurityMonitoring and Reporting for IBM i Compliance and Security
Monitoring and Reporting for IBM i Compliance and Security
 

Andere mochten auch

Ad words audit mistakes report
Ad words audit mistakes reportAd words audit mistakes report
Ad words audit mistakes reportDigital Scientists
 
Veränderungsmanagement bei der Implementation einer Social-Media-Strategie
Veränderungsmanagement bei der Implementation einer Social-Media-StrategieVeränderungsmanagement bei der Implementation einer Social-Media-Strategie
Veränderungsmanagement bei der Implementation einer Social-Media-StrategieMarkus Trapp
 
AD Audit Plus a Detailed Walkthrough
AD Audit Plus a Detailed WalkthroughAD Audit Plus a Detailed Walkthrough
AD Audit Plus a Detailed WalkthroughADAuditPlus
 
Die 10 gebote für pragmatisches Change Management
Die 10 gebote für pragmatisches Change ManagementDie 10 gebote für pragmatisches Change Management
Die 10 gebote für pragmatisches Change ManagementPMCS_helpLine
 
Einführung Change Management
Einführung Change ManagementEinführung Change Management
Einführung Change ManagementMarkus Groß
 
Audit findings and the report
Audit findings and the reportAudit findings and the report
Audit findings and the reportDennis Arter
 
Bank audit slideshare
Bank audit slideshareBank audit slideshare
Bank audit slidesharePriti Parab
 
Controlling and Organizational Change (Principles of Management)
Controlling and Organizational Change (Principles of Management)Controlling and Organizational Change (Principles of Management)
Controlling and Organizational Change (Principles of Management)Denni Domingo
 
A.k.a & co. internship rpoject report
A.k.a & co. internship rpoject reportA.k.a & co. internship rpoject report
A.k.a & co. internship rpoject reportCS Akshay Goyal
 
Summer training project report on Internal Audit Functions and its performanc...
Summer training project report on Internal Audit Functions and its performanc...Summer training project report on Internal Audit Functions and its performanc...
Summer training project report on Internal Audit Functions and its performanc...Debasish Phukan
 
Audit on compay- company audit
Audit on compay- company auditAudit on compay- company audit
Audit on compay- company auditpillai college
 
Internal Audit Project
Internal Audit ProjectInternal Audit Project
Internal Audit ProjectSoumeet Sarkar
 
Bank audit slideshare
Bank audit slideshareBank audit slideshare
Bank audit slidesharePriti Parab
 

Andere mochten auch (20)

Ad words audit mistakes report
Ad words audit mistakes reportAd words audit mistakes report
Ad words audit mistakes report
 
Der Tagesumsatzbericht der RHC "Daily"
Der Tagesumsatzbericht der RHC "Daily"Der Tagesumsatzbericht der RHC "Daily"
Der Tagesumsatzbericht der RHC "Daily"
 
Veränderungsmanagement bei der Implementation einer Social-Media-Strategie
Veränderungsmanagement bei der Implementation einer Social-Media-StrategieVeränderungsmanagement bei der Implementation einer Social-Media-Strategie
Veränderungsmanagement bei der Implementation einer Social-Media-Strategie
 
Network Audit
Network AuditNetwork Audit
Network Audit
 
AD Audit Plus a Detailed Walkthrough
AD Audit Plus a Detailed WalkthroughAD Audit Plus a Detailed Walkthrough
AD Audit Plus a Detailed Walkthrough
 
Die 10 gebote für pragmatisches Change Management
Die 10 gebote für pragmatisches Change ManagementDie 10 gebote für pragmatisches Change Management
Die 10 gebote für pragmatisches Change Management
 
Einführung Change Management
Einführung Change ManagementEinführung Change Management
Einführung Change Management
 
Cle
CleCle
Cle
 
Audit findings and the report
Audit findings and the reportAudit findings and the report
Audit findings and the report
 
Bank audit slideshare
Bank audit slideshareBank audit slideshare
Bank audit slideshare
 
Controlling and Organizational Change (Principles of Management)
Controlling and Organizational Change (Principles of Management)Controlling and Organizational Change (Principles of Management)
Controlling and Organizational Change (Principles of Management)
 
Tata steel
Tata steelTata steel
Tata steel
 
Company audit
Company auditCompany audit
Company audit
 
A.k.a & co. internship rpoject report
A.k.a & co. internship rpoject reportA.k.a & co. internship rpoject report
A.k.a & co. internship rpoject report
 
Summer training project report on Internal Audit Functions and its performanc...
Summer training project report on Internal Audit Functions and its performanc...Summer training project report on Internal Audit Functions and its performanc...
Summer training project report on Internal Audit Functions and its performanc...
 
Company Auditor ppt
Company Auditor pptCompany Auditor ppt
Company Auditor ppt
 
Audit project
Audit projectAudit project
Audit project
 
Audit on compay- company audit
Audit on compay- company auditAudit on compay- company audit
Audit on compay- company audit
 
Internal Audit Project
Internal Audit ProjectInternal Audit Project
Internal Audit Project
 
Bank audit slideshare
Bank audit slideshareBank audit slideshare
Bank audit slideshare
 

Ähnlich wie Change Monitoring of Active Directory

Обзор и практическое применение Dell Change Auditor
Обзор и практическое применение Dell Change AuditorОбзор и практическое применение Dell Change Auditor
Обзор и практическое применение Dell Change AuditorBAKOTECH
 
Обзор и практическое применение Dell Change Auditor
Обзор и практическое применение Dell Change AuditorОбзор и практическое применение Dell Change Auditor
Обзор и практическое применение Dell Change AuditorMarina Gryshko
 
Remote DBA Experts SQL Server 2008 New Features
Remote DBA Experts SQL Server 2008 New FeaturesRemote DBA Experts SQL Server 2008 New Features
Remote DBA Experts SQL Server 2008 New FeaturesRemote DBA Experts
 
Oracle Enterprise Manager 12c: updates and upgrades.
Oracle Enterprise Manager 12c: updates and upgrades.Oracle Enterprise Manager 12c: updates and upgrades.
Oracle Enterprise Manager 12c: updates and upgrades.Rolta
 
SysAid Presentation V.7
SysAid Presentation V.7SysAid Presentation V.7
SysAid Presentation V.7srinivasp2010
 
Chef Analytics Webinar
Chef Analytics WebinarChef Analytics Webinar
Chef Analytics WebinarJames Casey
 
Presentation database security audit vault & database firewall
Presentation database security audit vault & database firewallPresentation database security audit vault & database firewall
Presentation database security audit vault & database firewallxKinAnx
 
[DSC Europe 23] Muhammad Arslan - A Journey of Auditlogs from Kafka to Elasti...
[DSC Europe 23] Muhammad Arslan - A Journey of Auditlogs from Kafka to Elasti...[DSC Europe 23] Muhammad Arslan - A Journey of Auditlogs from Kafka to Elasti...
[DSC Europe 23] Muhammad Arslan - A Journey of Auditlogs from Kafka to Elasti...DataScienceConferenc1
 
OSMC 2023 | Current State of Icinga by Bernd Erk
OSMC 2023 | Current State of Icinga by Bernd ErkOSMC 2023 | Current State of Icinga by Bernd Erk
OSMC 2023 | Current State of Icinga by Bernd ErkNETWAYS
 
Chapter 6: Data Operations Management
Chapter 6: Data Operations ManagementChapter 6: Data Operations Management
Chapter 6: Data Operations ManagementAhmed Alorage
 
chapter01-introductiontowindowsserver2003-090505014519-phpapp02.pdf
chapter01-introductiontowindowsserver2003-090505014519-phpapp02.pdfchapter01-introductiontowindowsserver2003-090505014519-phpapp02.pdf
chapter01-introductiontowindowsserver2003-090505014519-phpapp02.pdfKhadijaTahir29
 
Data Vault Automation at the Bijenkorf
Data Vault Automation at the BijenkorfData Vault Automation at the Bijenkorf
Data Vault Automation at the BijenkorfRob Winters
 
SQL Explore 2012 - Tzahi Hakikat and Keren Bartal: Extended Events
SQL Explore 2012 - Tzahi Hakikat and Keren Bartal: Extended EventsSQL Explore 2012 - Tzahi Hakikat and Keren Bartal: Extended Events
SQL Explore 2012 - Tzahi Hakikat and Keren Bartal: Extended Eventssqlserver.co.il
 
Evolutionary database design
Evolutionary database designEvolutionary database design
Evolutionary database designSalehein Syed
 
AppSense Environment Manager 8.5 Beta
AppSense Environment Manager 8.5 BetaAppSense Environment Manager 8.5 Beta
AppSense Environment Manager 8.5 BetaDave Allen
 
Microsoft flow how, when & why
Microsoft flow how, when & whyMicrosoft flow how, when & why
Microsoft flow how, when & whyDocFluix, LLC
 
Database administration and security
Database administration and securityDatabase administration and security
Database administration and securityDhani Ahmad
 
Centrify Access Manager Presentation.pptx
Centrify Access Manager Presentation.pptxCentrify Access Manager Presentation.pptx
Centrify Access Manager Presentation.pptxjohncenafls
 
Isaca sql server 2008 r2 security & auditing
Isaca sql server 2008 r2 security & auditingIsaca sql server 2008 r2 security & auditing
Isaca sql server 2008 r2 security & auditingAntonios Chatzipavlis
 

Ähnlich wie Change Monitoring of Active Directory (20)

Обзор и практическое применение Dell Change Auditor
Обзор и практическое применение Dell Change AuditorОбзор и практическое применение Dell Change Auditor
Обзор и практическое применение Dell Change Auditor
 
Обзор и практическое применение Dell Change Auditor
Обзор и практическое применение Dell Change AuditorОбзор и практическое применение Dell Change Auditor
Обзор и практическое применение Dell Change Auditor
 
Remote DBA Experts SQL Server 2008 New Features
Remote DBA Experts SQL Server 2008 New FeaturesRemote DBA Experts SQL Server 2008 New Features
Remote DBA Experts SQL Server 2008 New Features
 
Oracle Enterprise Manager 12c: updates and upgrades.
Oracle Enterprise Manager 12c: updates and upgrades.Oracle Enterprise Manager 12c: updates and upgrades.
Oracle Enterprise Manager 12c: updates and upgrades.
 
SysAid Presentation V.7
SysAid Presentation V.7SysAid Presentation V.7
SysAid Presentation V.7
 
Chef Analytics Webinar
Chef Analytics WebinarChef Analytics Webinar
Chef Analytics Webinar
 
Presentation database security audit vault & database firewall
Presentation database security audit vault & database firewallPresentation database security audit vault & database firewall
Presentation database security audit vault & database firewall
 
[DSC Europe 23] Muhammad Arslan - A Journey of Auditlogs from Kafka to Elasti...
[DSC Europe 23] Muhammad Arslan - A Journey of Auditlogs from Kafka to Elasti...[DSC Europe 23] Muhammad Arslan - A Journey of Auditlogs from Kafka to Elasti...
[DSC Europe 23] Muhammad Arslan - A Journey of Auditlogs from Kafka to Elasti...
 
OSMC 2023 | Current State of Icinga by Bernd Erk
OSMC 2023 | Current State of Icinga by Bernd ErkOSMC 2023 | Current State of Icinga by Bernd Erk
OSMC 2023 | Current State of Icinga by Bernd Erk
 
Chapter 6: Data Operations Management
Chapter 6: Data Operations ManagementChapter 6: Data Operations Management
Chapter 6: Data Operations Management
 
chapter01-introductiontowindowsserver2003-090505014519-phpapp02.pdf
chapter01-introductiontowindowsserver2003-090505014519-phpapp02.pdfchapter01-introductiontowindowsserver2003-090505014519-phpapp02.pdf
chapter01-introductiontowindowsserver2003-090505014519-phpapp02.pdf
 
Tracking Active Directory Changes
Tracking Active Directory ChangesTracking Active Directory Changes
Tracking Active Directory Changes
 
Data Vault Automation at the Bijenkorf
Data Vault Automation at the BijenkorfData Vault Automation at the Bijenkorf
Data Vault Automation at the Bijenkorf
 
SQL Explore 2012 - Tzahi Hakikat and Keren Bartal: Extended Events
SQL Explore 2012 - Tzahi Hakikat and Keren Bartal: Extended EventsSQL Explore 2012 - Tzahi Hakikat and Keren Bartal: Extended Events
SQL Explore 2012 - Tzahi Hakikat and Keren Bartal: Extended Events
 
Evolutionary database design
Evolutionary database designEvolutionary database design
Evolutionary database design
 
AppSense Environment Manager 8.5 Beta
AppSense Environment Manager 8.5 BetaAppSense Environment Manager 8.5 Beta
AppSense Environment Manager 8.5 Beta
 
Microsoft flow how, when & why
Microsoft flow how, when & whyMicrosoft flow how, when & why
Microsoft flow how, when & why
 
Database administration and security
Database administration and securityDatabase administration and security
Database administration and security
 
Centrify Access Manager Presentation.pptx
Centrify Access Manager Presentation.pptxCentrify Access Manager Presentation.pptx
Centrify Access Manager Presentation.pptx
 
Isaca sql server 2008 r2 security & auditing
Isaca sql server 2008 r2 security & auditingIsaca sql server 2008 r2 security & auditing
Isaca sql server 2008 r2 security & auditing
 

Mehr von Zoho Corporation

One portal for all your login needs - ADSelfService Plus Single sign-on.
One portal for all your login needs - ADSelfService Plus Single sign-on.One portal for all your login needs - ADSelfService Plus Single sign-on.
One portal for all your login needs - ADSelfService Plus Single sign-on.Zoho Corporation
 
Using indicators to deal with security attacks
Using indicators to deal with security attacksUsing indicators to deal with security attacks
Using indicators to deal with security attacksZoho Corporation
 
Ensuring security and consistency of users' self-service actions in Active Di...
Ensuring security and consistency of users' self-service actions in Active Di...Ensuring security and consistency of users' self-service actions in Active Di...
Ensuring security and consistency of users' self-service actions in Active Di...Zoho Corporation
 
Empowering ServiceNow help desk for Active Directory management
Empowering ServiceNow help desk for Active Directory managementEmpowering ServiceNow help desk for Active Directory management
Empowering ServiceNow help desk for Active Directory managementZoho Corporation
 
Decrypting the security mystery with SIEM (Part 2) ​
Decrypting the security mystery with SIEM (Part 2) ​Decrypting the security mystery with SIEM (Part 2) ​
Decrypting the security mystery with SIEM (Part 2) ​Zoho Corporation
 
Effective User Life Cycle Management in Active Directory
Effective User Life Cycle Management in Active DirectoryEffective User Life Cycle Management in Active Directory
Effective User Life Cycle Management in Active DirectoryZoho Corporation
 
Microsoft, Active Directory, Security Management Tools and Where ManageEngine...
Microsoft, Active Directory, Security Management Tools and Where ManageEngine...Microsoft, Active Directory, Security Management Tools and Where ManageEngine...
Microsoft, Active Directory, Security Management Tools and Where ManageEngine...Zoho Corporation
 
ALIGN Technology timely alerts its employees of their password expiry using A...
ALIGN Technology timely alerts its employees of their password expiry using A...ALIGN Technology timely alerts its employees of their password expiry using A...
ALIGN Technology timely alerts its employees of their password expiry using A...Zoho Corporation
 
Unisource Worldwide Inc - An ADSelfservice Plus Case study
Unisource Worldwide Inc - An ADSelfservice Plus Case studyUnisource Worldwide Inc - An ADSelfservice Plus Case study
Unisource Worldwide Inc - An ADSelfservice Plus Case studyZoho Corporation
 
Case study-self-password-management-camh
Case study-self-password-management-camhCase study-self-password-management-camh
Case study-self-password-management-camhZoho Corporation
 
Case study-administrative-office-schwarzwald-baar-kreis
Case study-administrative-office-schwarzwald-baar-kreisCase study-administrative-office-schwarzwald-baar-kreis
Case study-administrative-office-schwarzwald-baar-kreisZoho Corporation
 
Skorpion Zinc's loves 'Password Self-Service' & 'Profile Update' features of ...
Skorpion Zinc's loves 'Password Self-Service' & 'Profile Update' features of ...Skorpion Zinc's loves 'Password Self-Service' & 'Profile Update' features of ...
Skorpion Zinc's loves 'Password Self-Service' & 'Profile Update' features of ...Zoho Corporation
 
Hampshire Collegiate Schools uses ManageEngine ADSelfService Plus password ma...
Hampshire Collegiate Schools uses ManageEngine ADSelfService Plus password ma...Hampshire Collegiate Schools uses ManageEngine ADSelfService Plus password ma...
Hampshire Collegiate Schools uses ManageEngine ADSelfService Plus password ma...Zoho Corporation
 
1200+ sighs of relief for the IT department at City of Grand Rapids - ADSelfS...
1200+ sighs of relief for the IT department at City of Grand Rapids - ADSelfS...1200+ sighs of relief for the IT department at City of Grand Rapids - ADSelfS...
1200+ sighs of relief for the IT department at City of Grand Rapids - ADSelfS...Zoho Corporation
 
Indispensable tool to help with Password Reset Issues
Indispensable tool to help with Password Reset IssuesIndispensable tool to help with Password Reset Issues
Indispensable tool to help with Password Reset IssuesZoho Corporation
 
ADManager Plus Makes Admissions A CakeWalk For College Montmorency
ADManager Plus Makes Admissions A CakeWalk For College MontmorencyADManager Plus Makes Admissions A CakeWalk For College Montmorency
ADManager Plus Makes Admissions A CakeWalk For College MontmorencyZoho Corporation
 
How ADManager Plus helped a local govt. wipe out stale accounts from its AD
How ADManager Plus helped a local govt. wipe out stale accounts from its ADHow ADManager Plus helped a local govt. wipe out stale accounts from its AD
How ADManager Plus helped a local govt. wipe out stale accounts from its ADZoho Corporation
 
HomeBanc trusts ManageEngine ADSelfService Plus to resolve its Password expir...
HomeBanc trusts ManageEngine ADSelfService Plus to resolve its Password expir...HomeBanc trusts ManageEngine ADSelfService Plus to resolve its Password expir...
HomeBanc trusts ManageEngine ADSelfService Plus to resolve its Password expir...Zoho Corporation
 

Mehr von Zoho Corporation (20)

One portal for all your login needs - ADSelfService Plus Single sign-on.
One portal for all your login needs - ADSelfService Plus Single sign-on.One portal for all your login needs - ADSelfService Plus Single sign-on.
One portal for all your login needs - ADSelfService Plus Single sign-on.
 
Using indicators to deal with security attacks
Using indicators to deal with security attacksUsing indicators to deal with security attacks
Using indicators to deal with security attacks
 
Ensuring security and consistency of users' self-service actions in Active Di...
Ensuring security and consistency of users' self-service actions in Active Di...Ensuring security and consistency of users' self-service actions in Active Di...
Ensuring security and consistency of users' self-service actions in Active Di...
 
Empowering ServiceNow help desk for Active Directory management
Empowering ServiceNow help desk for Active Directory managementEmpowering ServiceNow help desk for Active Directory management
Empowering ServiceNow help desk for Active Directory management
 
WannaCry Ransomware
WannaCry Ransomware WannaCry Ransomware
WannaCry Ransomware
 
Decrypting the security mystery with SIEM (Part 2) ​
Decrypting the security mystery with SIEM (Part 2) ​Decrypting the security mystery with SIEM (Part 2) ​
Decrypting the security mystery with SIEM (Part 2) ​
 
Effective User Life Cycle Management in Active Directory
Effective User Life Cycle Management in Active DirectoryEffective User Life Cycle Management in Active Directory
Effective User Life Cycle Management in Active Directory
 
Microsoft, Active Directory, Security Management Tools and Where ManageEngine...
Microsoft, Active Directory, Security Management Tools and Where ManageEngine...Microsoft, Active Directory, Security Management Tools and Where ManageEngine...
Microsoft, Active Directory, Security Management Tools and Where ManageEngine...
 
ALIGN Technology timely alerts its employees of their password expiry using A...
ALIGN Technology timely alerts its employees of their password expiry using A...ALIGN Technology timely alerts its employees of their password expiry using A...
ALIGN Technology timely alerts its employees of their password expiry using A...
 
Unisource Worldwide Inc - An ADSelfservice Plus Case study
Unisource Worldwide Inc - An ADSelfservice Plus Case studyUnisource Worldwide Inc - An ADSelfservice Plus Case study
Unisource Worldwide Inc - An ADSelfservice Plus Case study
 
Case study-self-password-management-camh
Case study-self-password-management-camhCase study-self-password-management-camh
Case study-self-password-management-camh
 
Case study-administrative-office-schwarzwald-baar-kreis
Case study-administrative-office-schwarzwald-baar-kreisCase study-administrative-office-schwarzwald-baar-kreis
Case study-administrative-office-schwarzwald-baar-kreis
 
Skorpion Zinc's loves 'Password Self-Service' & 'Profile Update' features of ...
Skorpion Zinc's loves 'Password Self-Service' & 'Profile Update' features of ...Skorpion Zinc's loves 'Password Self-Service' & 'Profile Update' features of ...
Skorpion Zinc's loves 'Password Self-Service' & 'Profile Update' features of ...
 
Hampshire Collegiate Schools uses ManageEngine ADSelfService Plus password ma...
Hampshire Collegiate Schools uses ManageEngine ADSelfService Plus password ma...Hampshire Collegiate Schools uses ManageEngine ADSelfService Plus password ma...
Hampshire Collegiate Schools uses ManageEngine ADSelfService Plus password ma...
 
1200+ sighs of relief for the IT department at City of Grand Rapids - ADSelfS...
1200+ sighs of relief for the IT department at City of Grand Rapids - ADSelfS...1200+ sighs of relief for the IT department at City of Grand Rapids - ADSelfS...
1200+ sighs of relief for the IT department at City of Grand Rapids - ADSelfS...
 
Indispensable tool to help with Password Reset Issues
Indispensable tool to help with Password Reset IssuesIndispensable tool to help with Password Reset Issues
Indispensable tool to help with Password Reset Issues
 
ADManager Plus Makes Admissions A CakeWalk For College Montmorency
ADManager Plus Makes Admissions A CakeWalk For College MontmorencyADManager Plus Makes Admissions A CakeWalk For College Montmorency
ADManager Plus Makes Admissions A CakeWalk For College Montmorency
 
Helpdesk delegation
Helpdesk delegationHelpdesk delegation
Helpdesk delegation
 
How ADManager Plus helped a local govt. wipe out stale accounts from its AD
How ADManager Plus helped a local govt. wipe out stale accounts from its ADHow ADManager Plus helped a local govt. wipe out stale accounts from its AD
How ADManager Plus helped a local govt. wipe out stale accounts from its AD
 
HomeBanc trusts ManageEngine ADSelfService Plus to resolve its Password expir...
HomeBanc trusts ManageEngine ADSelfService Plus to resolve its Password expir...HomeBanc trusts ManageEngine ADSelfService Plus to resolve its Password expir...
HomeBanc trusts ManageEngine ADSelfService Plus to resolve its Password expir...
 

Kürzlich hochgeladen

MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusZilliz
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 

Kürzlich hochgeladen (20)

MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 

Change Monitoring of Active Directory

  • 1. Click to edit Master title style Change Monitoring of Active Directory
  • 2. 2 • Derek Melber, MCSE & MVP (Group Policy and AD) • derek@manageengine.com • Online Resources • ManageEngine “Active Directory” Blog • Group Policy Resource Kit – MSPress • Windows Security Audit Package Consulting • Active Directory/Windows Audit Program • Training for efficient auditing • Administration Consultant • Active Directory and Server Design/Security • Active Directory and Group Policy Design About Your Speaker
  • 3. 3 • What is Change Monitoring of Active Directory? • Auditing to Track Active Directory Changes • Advanced Auditing to Track Active Directory Changes • Security Log in Event Viewer • Traditional Monitoring and Auditing of Active Directory • True Continuous Monitoring and Auditing of Active Directory • ADAudit Plus Reporting and Alerting Agenda
  • 4. 4 • Tracking all changes that occur to objects in Active Directory • Users • Groups • Computers • Group Policy • Password Policy • Etc. What is Change Monitoring of Active Directory?
  • 5. 5 • Tracking all details regarding changes to objects in Active Directory • Who made the change • Which object was changed • When the change was made • What the new setting is • What the old setting was What is Change Monitoring of Active Directory?
  • 6. 6 • Each domain controller must have auditing enabled • Enabled Auditing of AD through Group Policy • Configure the Default Domain Controllers policy OR create new GPO and link to Domain Controllers OU • Auditing is located at: Computer ConfigurationPoliciesWindows SettingsSecurity SettingsLocal PoliciesAudit Policy Auditing to Track Active Directory Changes
  • 7. 7 Auditing to Track Active Directory Changes
  • 8. 8 • Success – Tracks successful changes to AD • Failure – Tracks denials to change AD Auditing to Track Active Directory Changes
  • 9. 9 • Audited events are stored in Event Viewer • Tracked changes are stored in Security Log on DC where event occurred • Each DC has a unique Security Log • In order to view all events, must view each DC or consolidate logs • Some events generated by Auditing directory service access • Some events generated by Auditing Account Management Auditing to Track Active Directory Changes
  • 10. 10 • Secret! • Enable Auditing directory service access • Configure Auditing tab after clicking Security tab of object Properties • Must select “each property” you want to track! Auditing to Track Active Directory Changes
  • 11. 11 • Don’t forget all areas • Users • Groups • Computers • Schema • Group Policy • GPC • GPT Auditing to Track Active Directory Changes
  • 12. 12 • Expanded auditing for troubleshooting, auditors and security professionals • Provides details for most compliance mandates • cce.mitre.org • Matches with Security Compliance Manager (SCM) • Still reports audited events to Security Log Advanced Auditing to Track AD Changes
  • 13. 13 Advanced Auditing to Track AD Changes
  • 14. 14 • System • Logon/logoff • Object access • Detailed tracking • Policy change • User account management • DS access • Account logon • Privilege use Advanced Auditing to Track AD Changes
  • 15. 15 Advanced Auditing to Track AD Changes DS Access–Directory Service Changes Reports changes to objects in Active Directory Domain Services (AD DS). The types of changes that are reported are create, modify, move, and undelete operations that are performed on an object. DS Change auditing, where appropriate, indicates the old and new values of the changed properties of the objects that were changed. DS Access–Directory Service Replication Reports when replication between two domain controllers begins and ends. DS Access–Detailed Directory Service Replication Reports detailed information about the information replicating between domain controllers. These events can be very high in volume. DS Access–Directory Service Access Reports when an AD DS object is accessed. Only objects with SACLs cause audit events to be generated, and only when they are accessed in a manner that matches their SACL. These events are similar to the directory service access events in previous versions of Windows Server.
  • 16. 16 • Local GPO on Windows 2008 R2 and 7 • Computer ConfigurationWindows SettingsSecurity SettingsAdvanced Audit Policy ConfigurationSystem Audit Policy –Group Policy Object • AD GPO in GPMC (2008 R2 and 7) • Computer ConfigurationPoliciesWindows SettingsSecurity SettingsAdvanced Audit Policy ConfigurationSystem Audit Policy – Local Group Policy Object Advanced Auditing to Track AD Changes
  • 17. 17 • Compatibility Issues • Legacy Audit Policy • New Advanced Auditing • If legacy Audit Policy exists… it will win over new Advanced Auditing... unless • Computer ConfigurationPoliciesWindows SettingsSecurity SettingsLocal PoliciesSecurity Options • “Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings” is configured Advanced Auditing to Track AD Changes
  • 18. 18 • Can override default behavior… • Computer ConfigurationPoliciesWindows SettingsSecurity SettingsLocal PoliciesSecurity Options • “Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings” • Enabled: will ignore legacy setting • Disabled: will use default behavior Advanced Auditing to Track AD Changes
  • 19. 19 Security Log in Event Viewer Maximum Log size: 4GB Microsoft Recommended: 300MB
  • 20. 20 •Manage Auditing and security log User Right • Configure auditing on files, folders, Registry, etc. • View audited events in Security Log • Can view and clear Security Log • Save Security Log Security Log in Event Viewer
  • 21. 21 •Event IDs • Older versions – 3 digit IDs • Newer versions – 4 digit IDs • www.eventid.net • Microsoft KB 947226 (Vista and Server 2008) • Microsoft KB 977519 (7 and Server 2008 R2) Security Log in Event Viewer
  • 22. 22 • Create Custom View of “many logs” or “many sources” into “one log” • 2008 Domain Controllers • Administrative Events • Server Roles • Active Directory Domain Services • DHCP Server • DNS Server • File Server • Network Policy and Access Services • Web Server Security Log in Event Viewer
  • 23. 23 • Custom View Options • Filter by log • Logged (Date/Time ranges) • Event level (type of log) • View options • By log(s) • By source(s) • Task category • Keywords Security Log in Event Viewer
  • 24. 24 • After Custom View is created… • Filter can be added to the view • Task can be attached to view • View can be exported • View can be copied Security Log in Event Viewer
  • 25. 25 • Backing up Security Log • Automatically back up logs • Computer ConfigurationPoliciesAdministrative TemplatesWindows ComponentsEvent Log ServiceSecurity • Also configure Log file path Security Log in Event Viewer
  • 26. 26 • Security Logs size too small • Interface does not provide for reporting • Events are hard to decrypt and not easy to analyze • Events are logged on DC where event occurs… multiple logs • Alerting is not detailed enough Issues with Event Viewer
  • 27. 27 • Typically done one time a year • Information is gathered on servers/DCs • Information is for a single point in time • Changes can be made directly before and anytime after information is gathered Standard Auditing/Monitoring of AD
  • 31. 31 • Reporting • Over 125 default reports • Over 10 default report areas • Users • Groups • Passwords • Logons • …more ADAudit Plus Reporting
  • 32. 32 • Custom Reporting • Track service account activity • Track Administrator activity • Track administrative activity • Track modifications to Group Policy ADAudit Plus Custom Reporting
  • 33. 33 • Alerting • Allows for an email to be sent immediately when a key change is made • Track service account activity • Track Administrator activity • Track administrative activity • Track modifications to Group Policy ADAudit Plus Alerting
  • 34. 34 • What is Change Monitoring of Active Directory? • Auditing to Track Active Directory Changes • Advanced Auditing to Track Active Directory Changes • Security Log in Event Viewer • ADAudit Plus Reporting and Alerting Summary
  • 35. Click to edit Master title style Questions? Our gift to you… the link to download the tools! http://www.manageengine.com/products/active-directory-audit/ Thank you!