1 / 13

Module 7: Auditing Active Directory Domain Services Changes

Module 7: Auditing Active Directory Domain Services Changes. Module Overview. What’s New with AD DS Auditing Implementing AD DS Change Auditing. Lesson 1: What’s New with AD DS Auditing. Auditing Overview Auditing with Windows Server 2008. Auditing Overview. Audit directory service access.

maik
Download Presentation

Module 7: Auditing Active Directory Domain Services Changes

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Module 7:Auditing Active Directory Domain Services Changes

  2. Module Overview • What’s New with AD DS Auditing • Implementing AD DS Change Auditing

  3. Lesson 1: What’s New with AD DS Auditing • Auditing Overview • Auditing with Windows Server 2008

  4. Auditing Overview Audit directory service access Directory service access events Description 566A generic object operation took place

  5. Auditing with Windows Server 2008 Audit Directory Service Access Directory Service Access Directory Service Changes Directory Service Replication Detailed Directory Service Replication

  6. Lesson 2: Implementing AD DS Change Auditing • Global Audit Policy • System Access Control List • Schema • New AD DS Auditing Events • Attribute Syntaxes

  7. Global Audit Policy Windows Server 2000 and Windows Server 2003 Directory service access events Description 566A generic object operation took place Windows Server 2008 Directory service access events Description 4662 generic object operation took place

  8. System Access Control List SACL

  9. Schema Schema Event Type 1 Event Type 2 Event Type 3 Event Type 4 Event Type 5 Audited

  10. New AD DS Auditing Events Modify 5136 Create 5137 Undelete 5138 Move 5139

  11. Attribute Syntaxes Registry setting information is as follows: • Location: HKLM\System\CurrentControlSet\Services\NTDS\Setting name: MaximumStringBytesToAudit • Type: REG_DWORD • Values • Default registry value: 1000 • Minimum registry value: 0 • Maximum registry value 64000

  12. Review • What’s New with AD DS Auditing • Implementing AD DS Change Auditing

  13. Lab: Using AD DS Auditing • Exercise 1: Set-up AD DS Auditing • Exercise 2: Create and View Auditing Events

More Related