Privileges required for Collecting
Create a 'user' account in your Active Directory and configure
ADAudit Plus Service / Domain Settings Page with this 'user'
account for data collection, processing and report generation.
|ADAudit Plus instantly starts to audit,
when provided with a 'Domain Admin' account. When
users' do not want to provide a 'Domain Admin' account,
follow the below steps to manually configure the
successful working of ADAudit Plus.
1. Manage Auditing and Security Log Privilege
Open GPMC | Create a new GPO for the domain | Add the "Domain
Controllers, Member Servers, File Servers & Workstations" that
require audit into the Security Filtering settings of this Group
Add the user in 'Manage auditing and security log' policy; this
setting can be found under Computer Configuration | Windows
Settings | Security Settings | Local Policies | User Rights
Assignment | ; Use the newly created GPO and push this setting to
all audited Servers.
2. Member of Event Log Readers
For Domain Controllers above 2003: Open Active Directory Users and
Computers | Builtin Container | Add user as a member of 'Event Log
3. DCOM & WMI Permission
The 'user' must have the DCOM & WMI permission only for the
Windows Failover Cluster configuration/WMI mode of Event
DCOM Permission: Component Services | Computers | My Computer |
Right Click and go to Properties | COM Security | Edit Limits of
'Launch and Activation Permissions | In Security Limits, Add the
'user' with Allow for all permissions.
WMI Permission: Go to Start | Run 'wmimgmt.msc' | Security Tab |
CIMV2 | Security | Add the 'user' with Allow for all permissions.
4. Member of Group Policy Creator Owners
Open Active Directory Users and Computers | Users Container | Add
user as a member of 'Group Policy Creator Owners' group
5. Member of Local Administrators Group
Open Local Users and Groups | Groups | Add user as a member of
'Local Administrators' group (On Every Monitored File Server for
File Server Auditing).
Copyright © 2018, ZOHO Corp
All Rights Reserved.