Enabling Auditing Manually


This document explains the steps required to enable auditing at a domain manually.

Table of Contents

Enabling Auditing in LepideAuditor Suite
    Steps to enable auditing while adding a domain
    Steps to enable auditing while modifying a domain
Issue
Solution
Commands to Enable Auditing
    Commands for Windows Server 2008 or above
    Commands for Windows Server 2003
Enabling Auditing using ADSIEdit.msc
Support

Enabling Auditing in LepideAuditor Suite

Steps to enable auditing while adding a domain

While adding a domain, LepideAuditor Suite gives you an option to enable its auditing.

Figure 1: Add Domain wizard

You can click and wait until the auditing is enabled at the domain.

Steps to enable auditing while modifying a domain

In addition, you can click in the Domain Settings to enable the auditing while modifying the domain.

Figure 2: Modify Domain wizard

Issue

If LepideAuditor Suite faces any problem in enabling the auditing, it displays the following error message while adding or modifying the domain.

Figure 3: Error message for problem in enabling the auditing

In such cases, you have to enable the auditing settings manually on the Windows Server.

Solution

If LepideAuditor Suite displays an error message or doesn't enable the auditing, you have to perform the following steps:

1. Enable the following system audit policies: System, Logon/Logoff, Object Access, Privilege Use, Detailed Tracking, Policy Change, Account Management, DS Access, Account Logon

2. The auditing settings of the Active Directory environment can be set up as follows:

Auditing entries for    | AD forest partition   | Object access for | Type       | Apply onto
------------------------+-----------------------+-------------------+------------+---------------------------------------------
All AD objects          | Domain naming context | everyone          | Successful | This object and all descendant/child objects
AD configuration object | Configuration context | everyone          | Successful | This object and all descendant/child objects

Table 1: Auditing Settings

Commands to Enable Auditing

LepideAuditor Suite will also try to apply the following audit settings automatically. If it doesn't succeed, you will have to perform these steps manually. Start the Command Prompt with Administrator privileges and execute these commands one by one.

Commands for Windows Server 2008 or above

    Auditpol /set /category:"system" /success:enable /failure:enable
    Auditpol /set /category:"logon/logoff" /success:enable /failure:enable
    Auditpol /set /category:"object Access" /success:enable /failure:enable
    Auditpol /set /category:"privilege Use" /success:enable /failure:enable
    Auditpol /set /category:"detailed Tracking" /success:enable /failure:enable
    Auditpol /set /category:"policy Change" /success:enable /failure:enable
    Auditpol /set /category:"account Management" /success:enable /failure:enable
    Auditpol /set /category:"ds Access" /success:enable /failure:enable
    Auditpol /set /category:"account Logon" /success:enable /failure:enable
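To confirm that the Auditpol commands above took effect, the following PowerShell check reads back each of the nine categories and reports any subcategory that is not audited for both success and failure. It is an added example, not part of the Lepide guide; the function name Get-AuditGap is hypothetical, and the comparison string assumes an English-language system because auditpol prints setting names in the OS display language.

```powershell
# Added example (not from the Lepide guide): verify the nine audit categories.
# Run from an elevated PowerShell prompt on Windows Server 2008 or later.
# Assumption: English-language OS, so the setting reads "Success and Failure".

$categories = 'System', 'Logon/Logoff', 'Object Access', 'Privilege Use',
              'Detailed Tracking', 'Policy Change', 'Account Management',
              'DS Access', 'Account Logon'

function Get-AuditGap {
    param([string[]]$Category)

    foreach ($c in $Category) {
        # /r makes auditpol emit CSV with one row per subcategory
        $rows = auditpol /get "/category:$c" /r |
                Where-Object { $_ } |          # drop blank lines in the output
                ConvertFrom-Csv

        if ($LASTEXITCODE -ne 0 -or -not $rows) {
            # Not elevated, or the category name was not recognised
            [pscustomobject]@{ Category = $c; Subcategory = '(query failed)'; Setting = $null }
            continue
        }

        foreach ($r in $rows) {
            if ($r.'Inclusion Setting' -ne 'Success and Failure') {
                [pscustomobject]@{
                    Category    = $c
                    Subcategory = $r.Subcategory
                    Setting     = $r.'Inclusion Setting'
                }
            }
        }
    }
}

$gaps = @(Get-AuditGap -Category $categories)
if ($gaps.Count -eq 0) {
    'All subcategories in the nine categories audit Success and Failure.'
} else {
    $gaps | Format-Table -AutoSize
}
```

If a Group Policy object also defines audit policy for the server, its settings are reapplied at the next policy refresh, so run the check again after the refresh.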

Commands for Windows Server 2003

    auditusr /if Administrator:"System"
    auditusr /is Administrator:"System"
    auditusr /if Administrator:"Logon/Logoff"
    auditusr /is Administrator:"Logon/Logoff"
    auditusr /if Administrator:"Object Access"
    auditusr /is Administrator:"Object Access"
    auditusr /if Administrator:"Privilege Use"
    auditusr /is Administrator:"Privilege Use"
    auditusr /if Administrator:"Detailed Tracking"
    auditusr /is Administrator:"Detailed Tracking"
    auditusr /if Administrator:"Policy Change"
    auditusr /is Administrator:"Policy Change"
    auditusr /if Administrator:"Account Management"
    auditusr /is Administrator:"Account Management"

Lepide Software Pvt. Ltd. Page 8

    auditusr /if Administrator:"Directory Service Access"
    auditusr /is Administrator:"Directory Service Access"
    auditusr /if Administrator:"Account Logon"
    auditusr /is Administrator:"Account Logon"

Enabling Auditing using ADSIEdit.msc

Perform the following audit settings using ADSIEdit.msc on any Windows Server. Visit http://technet.microsoft.com/en-us/library/cc773354(v=ws.10).aspx to know more about installing and using ADSIEdit.msc. You have to perform the following steps for all Windows Servers.

1. Open ADSIEdit.msc using the "Run" dialog box. You can also open it from Start Menu > Administrative Tools > ADSIEdit.
2. Connect to the Active Directory. Select any node and perform the steps below. Repeat these steps for each root node.
3. Right-click on the root ADSI Edit and select Connect to.
4. It is required to connect to all four available naming contexts and to turn on their auditing.
   a. Default Naming Context
   b. Configuration
   c. RootDSE
   d. Schema
   We will connect to all these naming contexts one by one and then turn on their auditing.

   Figure 4: Select the naming context to which you want to connect

5. Select Default Naming Context.
6. Click OK to establish the connection. Default Naming Context will be connected and its root node will be displayed in the Left Panel.
7. Expand the root node to access the domain controller's node DC=www,DC=domain,DC=com.
8. Again, right-click on the ADSIEdit parent node and select Connect To.
9. In the Connection Settings box, select Configuration for naming context and click OK.

   Figure 5: Connecting to Root Configuration

10. This will connect ADSI Edit to the Domain Configuration and display its root node in the Left Panel.
11. Expand the node to access CN=Configuration,DC=www,DC=domain,DC=com.
12. Right-click on the ADSI Edit parent node and select Connect To.
13. Select RootDSE as naming context in Connection Settings and click OK.

   Figure 6: Connecting to RootDSE

14. This will connect ADSI Edit to the root of Active Directory (RootDSE) and show its root node in the Left Panel.
15. Expand the root node of RootDSE to access RootDSE.
16. Again, right-click on the ADSI Edit parent and select Connect To.
17. Select Schema as the naming context and click OK to connect to it.

   Figure 7: Connecting to Schema

18. This will connect ADSI Edit to the Schema and display its root node in the Left Panel.
19. Expand its node to access CN=Schema,CN=Configuration,DC=www,DC=domain,DC=com.
20. Now, it is required to enable the auditing settings for the following four root nodes of different naming contexts.
   a. DC=www,DC=domain,DC=com
   b. CN=Configuration,DC=www,DC=domain,DC=com
   c. RootDSE
   d. CN=Schema,CN=Configuration,DC=www,DC=domain,DC=com

21. The user has to perform the following steps one by one for each of the above nodes.
   a) Right-click on DC=www,DC=domain,DC=com under Default Naming Context.

      Figure 8: Right click on root node of Default Naming Context

   b) Select the Properties option to access its properties.

      Figure 9: Properties of root node of Default Naming Context

   c) Switch to the Security tab.

      Figure 10: Security Tab of Node Properties

   d) Click Advanced to access the Advanced Security settings.

      Figure 11: Advanced Security Settings

   e) Switch to the Auditing tab in Advanced Security Settings.

      Figure 12: Auditing tab

   f) Click Add to add the user for whom you want to enable auditing. This will show the following box:

      Figure 13: Add user

   g) Type the name of a specific user for which you want to enable the auditing. Instead, you can type Everyone to audit the changes in Group Policies for all users.
   h) Click Check Names to verify the username.
   i) Click OK to add the user. This will show the Auditing Entry box.

      Figure 14: Auditing Entries for www

   j) You can click Full Control for both successful and failed categories to monitor all events.
   k) Now, you have to uncheck the following entries for both Successful and Failed columns.
      a. Full Control
      b. List contents
      c. Read all properties
      d. Read permissions

      Figure 15: Displaying settings to be unchecked

   l) Check the box "Apply these auditing entries to objects and/or containers within this container only" to apply the changes to its child objects as well.
   m) Click OK to apply the auditing entries. This will take you back to the Auditing tab of Advanced Security Settings.
   n) Click Apply and OK to apply the auditing settings.
   o) Close the Properties.

22. Repeat the steps (a) to (n) of Step 21 to enable the auditing of remaining root nodes.
   a. CN=Configuration,DC=www,DC=domain,DC=com
   b. RootDSE
   c. CN=Schema,CN=Configuration,DC=www,DC=domain,DC=com
23. Close the window of ADSIEdit.msc.

Support

If auditing is still not enabled after following the above manual steps, then you can contact our Support Team.

Helpline
+91-9818725861
1-866-348-7872 (Toll Free for USA/CANADA)

You can also email us about your queries at:
sales@lepide.com for Sales
support@lepide.com for Support
contact@lepide.com for General Queries
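To check the result of the ADSIEdit procedure without clicking through each node again, the following PowerShell example reads the auditing entries on the naming-context roots and reports whether an entry matching Table 1 (Everyone, Successful, this object and all descendant objects) is present. It is an added example, not part of the Lepide guide; the function name Get-NamingContextAudit is hypothetical, it assumes the ActiveDirectory module and an account allowed to read auditing entries, and it covers the three naming contexts that Get-ADRootDSE reports by distinguished name.

```powershell
# Added example (not from the Lepide guide): read the auditing entries (SACL)
# on each naming-context root and flag whether an entry matching Table 1 exists.
# Assumes the ActiveDirectory module (RSAT) and an elevated session under an
# account permitted to read the SACL, such as a Domain Admin.
Import-Module ActiveDirectory

function Get-NamingContextAudit {
    $rootDse  = Get-ADRootDSE
    $contexts = [ordered]@{
        'Default Naming Context' = $rootDse.defaultNamingContext
        'Configuration'          = $rootDse.configurationNamingContext
        'Schema'                 = $rootDse.schemaNamingContext
    }
    $everyone = 'S-1-1-0'   # well-known SID for Everyone, independent of OS language

    foreach ($name in $contexts.Keys) {
        $dn  = $contexts[$name]
        $acl = Get-Acl -Path "AD:\$dn" -Audit

        # Entries set directly on the root node, where the ADSIEdit steps add them
        $explicit = @($acl.Audit | Where-Object { -not $_.IsInherited })

        $match = @($explicit | Where-Object {
            $sid = $_.IdentityReference.Translate(
                       [System.Security.Principal.SecurityIdentifier]).Value
            $sid -eq $everyone -and
            ($_.AuditFlags -band [System.Security.AccessControl.AuditFlags]::Success) -and
            $_.InheritanceType -eq 'All'   # this object and all descendant objects
        })

        [pscustomobject]@{
            Context            = $name
            DistinguishedName  = $dn
            ExplicitEntries    = $explicit.Count
            EveryoneSuccessAll = ($match.Count -gt 0)
            Rights             = ($match | ForEach-Object { $_.ActiveDirectoryRights }) -join '; '
        }
    }
}

Get-NamingContextAudit | Format-List
```

A context that shows EveryoneSuccessAll as False has no Everyone entry for successful access applied to the whole subtree, so Step 21 should be repeated for that node.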