Support
 
Phone Live Chat
 
Support
 
US: +1 888 720 9500
US: +1 800 443 6694
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Privileges and Permissions

Required Privileges and Permissions - ADAudit Plus

Create a 'user' account in your Active Directory and configure ADAudit Plus Service / Domain Settings Page with this 'user' account for data collection, processing and report generation.

ADAudit Plus instantly starts to audit, when provided with a 'Domain Admin' account. When users' do not want to provide a 'Domain Admin' account, follow the below steps to manually configure the successful working of ADAudit Plus.

1. Manage Auditing and Security Log Privilege

Open GPMC | Create a new GPO for the domain | Add the "Domain Controllers, Member Servers, File Servers & Workstations" that require audit into the Security Filtering settings of this Group Policy Object.

Manage 'Auditing and Security Log' Privilege

Add the user in 'Manage auditing and security log' policy; this setting can be found under Computer Configuration | Windows Settings | Security Settings | Local Policies | User Rights Assignment | ; Use the newly created GPO and push this setting to all audited Servers.

Manage 'Auditing and Security Log' Privilege

2. Member of Event Log Readers

For Domain Controllers above 2003: Open Active Directory Users and Computers | Builtin Container | Add user as a member of 'Event Log Readers' group.

Member of Event Log Readers For Domain Controllers

3. DCOM & WMI Permission

The 'user' must have the DCOM & WMI permission only for the Windows Failover Cluster configuration.

  • DCOM Permission: Component Services | Computers | My Computer | Right Click and go to Properties | COM Security | Edit Limits of 'Launch and Activation Permissions | In Security Limits, Add the 'user' with Allow for all permissions. .
DCOM Permission
  • WMI Permission: Go to Start | Run 'wmimgmt.msc' | Security Tab | CIMV2 | Security | Add the 'user' with Allow for all permissions. 
WMI Permission

4. Member of Group Policy Creator Owners

Open Active Directory Users and Computers | Users Container | Add user as a member of 'Group Policy Creator Owners' group

Member of Group Policy Creator Owners

5. Member of Local Administrators Group

Open Local Users and Groups | Groups | Add user as a member of 'Local Administrators' group (On Every Monitored File Server for File Server Auditing).

Member of Local Administrators Group
A single pane of glass for complete Active Directory Auditing and Reporting