Account Management
T he Account Management Security log category is particularly valuable because you can use it to track maintenance of user, group, and computer objects in AD as well as to track local users and groups in member server and workstation SAMs. This category is also very easy to use because Windows uses a different event ID for each type of object and operation.
You can use Account Management events to track things like new user accounts, password resets, and new members being added to groups. Monitoring maintenance of domain users and groups can be a key aspect of compliance with legislation such as the Sarbanes-Oxley (SOX) Act and Health Insurance Portability and Accountability Act (HIPAA) because access to private or financially significant information is controlled largely through group membership and based on user-account authentication.
More information on this audit category is available in WinSecWiki
This is just a fraction of the wealth of information available only in Randy Franklin Smith's eBook, The Windows Server Security Log Revealed.
|
