Support
 
Phone Get Quote
 
Support
 
US: +1 888 720 9500
US: +1 888 791 1189
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9892

 

Privileges/permissions required for automatic audit policy and object level auditing configuration

1. Privileges/permissions required for Domain Controller auditing configuration

Granting the service account the following privileges/permissions, allows ADAudit Plus to automatially configure the required audit policy and object level auditing settings in your environment. ADAudit Plus does this by pushing the required settings via GPO, to the group which contains all the monitored computers.

  • Log in to your Domain Controller with Domain Admin privileges → Open the Group Policy Management Console → click on Default Domain Controllers Policy → Navigate to the right panel, click on the Delegation tab → Add the ADAudit Plus User → Provide permission to Edit settings, delete, modify security.
  • active-directory-audit-group-policy-creatorsowners-group
2. Privileges/permissions required for member server, workstation, and file server auditing configuration
2.1 Make the user a member of the Group Policy Creator Owners group
  • Log in to your Domain Controller with Domain Admin privileges → Open Active Directory Users and Computers → Click on Users → Navigate to the right panel, right click on Group Polciy Creator Owners group → Add the "ADAudit Plus" user as a member.
  • active-directory-audit-group-policy-creatorsowners-group
2.2 Grant the user, group management permissions
  • Log in to your Domain Controller with Domain Admin privileges → Open Active Directory User and Computers.
  • Click on View and ensure that Advanced Features is enabled. This will display the advanced security settings for selected objects in Active Directory Users and Computers.

  • Right click on Users → Properties → Security → Advanced → Auditing → Add → In the Auditing Entry window, Select a principal: ADAudit Plus user → Type: Success → Applies to: This object and all descendant objects → Select permissions: Create group objects and Delete group objects.
  • Note: Use Clear all to remove all permissions and properties before selecting the mentioned permissions.

    active-directory-audit-grant-the-user-group-management-permissions
  • From the Active Directory User and Computers console → Right click on Users → Properties → Security → Advanced → Auditing → Add → In the Auditing Entry window → Select a principal: ADAudit Plus user → Type: Success → Applies to: Descendant group objects → Select property: Write members.
  • Note: Use Clear all to remove all permissions and properties before selecting the mentioned property.

    Grant the user, group management permissions

ADAudit Plus Trusted By

A single pane of glass for complete Active Directory Auditing and Reporting