Auditing Active Directory Changes with the Windows Security Log

Webinar Registration

Active Directory is at the heart of security for on-prem networks and every cloud that integrates with AD via federation and/or synchronization.

If AD isn’t secure – nothing’s secure. That’s why it’s so important to know what’s happening in AD and when it happens. AD is a big place and you often need to allow multiple parties to make changes in AD if you are to remain responsive to business and security needs. But that means it can quickly get messy and cluttered and ultimately insecure. You need to know who made the change, why it was made and if it complies with your change control, security policies and privileged access rules.

Besides tracking changes made by internal staff and systems, monitoring AD is also crucial in order to catch and disrupt intruders. APT groups use several tactics that involve changes to AD, including the creation of backdoor accounts intended to ensure persistence while flying below the radar or to push out malware or configuration changes that facilitate lateral movement.

AD comes with extensive audit capabilities baked into the product. In this webinar I will show you the following audit policies and how they apply to AD:

Account Lockout
Policy Change
Authentication Policy Change
Authorization Policy Change
User Account Management
Computer Account Management
Security Group Management
Distribution Group Management
Other Account Management Events
Directory Service Changes
Directory Service Replication

In particular I will show you how Directory Services Changes overlaps with the User, Group and Computer audit policies, and how Directory Service Changes is the right category for tracking other AD objects important to security, like OUs and Group Policy Objects.

I will also point out the limitations and gaps in AD auditing so that you don’t waste time trying to track what can’t be tracked with native functionality alone.

ManageEngine is our sponsor for this real training for free event and Vivin Sathyan will show you how AD Audit Plus provides a single pane of glass for complete Active Directory Auditing and Reporting.

Please join us for this real training for free event.

Required

First Name:	Required
Last Name:	Required
Work Email:	Required Invalid email address
Phone:	Required
Organization:	Required
Servers & Workstations:	RequiredRequired
	Your information will be shared with the sponsor. By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor. Tweet

Upcoming Webinars

Additional Resources

User name:
Password:
	/ Forgot?
	Register

April 2024 Patch Tuesday	"Patch Tuesday - One Zero Day and Record Number of Patches! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.