Required Privileges and Permissions - ADAudit Plus
Create a 'user' account in your Active Directory and configure ADAudit Plus Service / Domain Settings Page with this 'user' account for data collection, processing and report generation.
ADAudit Plus instantly starts to audit, when provided with a 'Domain Admin' account. When users' do not want to provide a 'Domain Admin' account, follow the below steps to manually configure the successful working of ADAudit Plus.
Manage Auditing and Security Log Privilege
Add the user in 'Manage auditing and security log' policy; this is present in Computer Configuration | Windows Settings | Security Settings | Local Policies | User Rights Assignment - Use a GPO and push this setting to all audited Servers.
Member of Event Log Readers
- For Domain Controllers above 2003: Open Active Directory Users and Computers | Builtin Container | Add user as a member of 'Event Log Readers' group.
DCOM & WMI Permission
The 'user' must have the DCOM & WMI permission in the Primary Domain Controller of the domain.
- DCOM Permission: Component Services | Computers | My Computer | Right Click and go to Properties | COM Security | Edit Limits of 'Launch and Activation Permissions | In Security Limits, Add the 'user' with Allow for all permissions. .
- WMI Permission: Go to Start | Run 'wmimgmt.msc' | Security Tab | CIMV2 | Security | Add the 'user' with Allow for all permissions.
Member of Group Policy Creator Owners
Open Active Directory Users and Computers | Users Container | Add user as a member of 'Group Policy Creator Owners' group
Member of Local Administrators Group
Open Local Users and Groups | Groups | Add user as a member of 'Local Administrators' group (On Every Monitored File Servers for File Server Auditing).