Support
 
Phone Get Quote
 
Support
 
US: +1 888 720 9500
US: +1 888 791 1189
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9892

 

Privileges/permissions required for file server auditing

1. Make the user a member of the Power Users group

Members of the Power Users group will be able to discover shares residing on Windows file servers.

  • Log in to your Domain Controller with Domain Admin privileges → Open the Group Policy Management Console → Right click on the "ADAudit Plus Permission GPO" → Edit.
  • In the Group Policy Management Editor → Computer Configuration → Preferences → Control Panel Settings → Right click on Local Users and Groups → Add Local Group.
  • In the New Local Group Properties wizard, select Update under Action → Select Power Users group under group name →Add the "ADAudit Plus" user.
active-directory-audit-make-the-power-users-group
2. Grant the user Read permission on all audited shares

There are two ways to grant the user Read permission on all the audited shares-

  • Make the user a Member of the Local Adminsitrators group.
  • a. Login to any computer with Domain Admin privileges→ Open MMC console → File → Add/Remove Snap-in → Select Local Users and Groups → Add → Another computer → Add target computer

    b. Select target computer → Open Local Users and Groups → Select Groups → Right click on administrators → Properties →Add "ADAudit Plus" user.

    c.Repeat the above steps for every audited Windows file server/cluster.

    active-directory-audit-grant-the-user-read-permission-on-audited-shares
  • Grant the user both Share and NTFS, Read permission on every audited share.
  • a. Login to any computer with Domain Admin privileges → Open MMC console → File → Add/Remove Snap-in → Select Shared Folders → Add → Another computer → Add target computer

    b.Select target computer → Select share → Right click → Properties → Security → Edit →Add the "ADAudit Plus" user → Provide both Share and NTFS, Read permission.

    c.Repeat the above steps for every audited share.

active-directory-audit-grant-the-user-read-permission-on-audited-shares-2
3. Grant the user DCOM and WMI permissions

Note: DCOM and WMI permissions are needed for file cluster auditing and WMI mode of event collection, respectively.

  • Granting DCOM permission:
  • a. Log in to any computer with Domain Admin privileges → Open Component Services → Connect to target computer → Right click on target computer → Properties → COM Security.

    b.Navigate to Launch and Activation Permissions → Edit Limits → Security Limits →Add the "ADAudit Plus" user and grant all permissions.

    c.Repeat the steps for every audited computer.

    active-directory-audit-grant-user-dcom-wmi-permissions
  • Granting WMI permission:
  • a.Log in to any computer with a Domain Admin privileges→ Run wmimgmt.msc → Right click on WMI Control → Connect to target computer.

    b. Right click on WMI Control (target computer) → Properties → Security → CIMV2 → Security → Add the "ADAudit Plus" user and grant all permissions.

    c.Repeat the steps for every audited computer.

    active-directory-audit-security-root

ADAudit Plus Trusted By

A single pane of glass for complete Active Directory Auditing and Reporting