3. Privileges/permissions required for automatic audit policy and object level auditing configuration

3.1 Privileges/permissions required for Domain Controller auditing configuration

Granting the service account the following privileges/permissions, allows ADAudit Plus to automatially configure the required audit policy and object level auditing settings in your environment. ADAudit Plus does this by pushing the required settings via GPO, to the group which contains all the monitored computers.

  • Log in to your Domain Controller with Domain Admin privileges → Open the Group Policy Management Console → click on Default Domain Controllers Policy → Navigate to the right panel, click on the Delegation tab → Add the ADAudit Plus User → Provide permission to Edit settings, delete, modify security.

3.2 Privileges/permissions required for member server, workstation, and file server auditing configuration

3.2.1 Make the user a member of the Group Policy Creator Owners group

  • Log in to your Domain Controller with Domain Admin privileges → Open Active Directory Users and Computers → Click on Users → Navigate to the right panel, right click on Group Polciy Creator Owners group → Add the "ADAudit Plus" user as a member.

3.2.2 Grant the user, group management permissions

  • Log in to your Domain Controller with Domain Admin privileges → Open Active Directory User and Computers.
  • Click on View and ensure that Advanced Features is enabled. This will display the advanced security settings for selected objects in Active Directory Users and Computers.

  • ii. Right click on Users → Properties → Security → Advanced → Auditing → Add → In the Auditing Entry window, Select a principal: ADAudit Plus user → Type: Success → Applies to: This object and all descendant objects → Select permissions: Create group objects and Delete group objects.
  • Note: Use Clear all to remove all permissions and properties before selecting the mentioned permissions.

  • From the Active Directory User and Computers console → Right click on Users → Properties → Security → Advanced → Auditing → Add → In the Auditing Entry window → Select a principal: ADAudit Plus user → Type: Success → Applies to: Descendant group objects → Select property: Write members.
  • Note: Use Clear all to remove all permissions and properties before selecting the mentioned property.

Copyright © 2019, ZOHO Corp. All Rights Reserved.
ManageEngine
Get download link