Active Directory user/client activity logging?

Faust
Posts: 8730
Joined: Sat Apr 22, 2000 4:34 am
Location: Huntington Beach, CA

Active Directory user/client activity logging?

Post by Faust »

For the sake of brevity...

One of our engineers will be working remotely for the next year. We've set him up with a good means to do so, but would like to have the ability to audit his user account's and, if possible, "his" host machine's (in our local network) activity. It's not a "do we trust him" issue (we do). It's just a nod to proper security practice as we have opened up a potential vulnerability.

As a quick back story, our offices' IT services are outsourced (business < 50 employees). I handle the fringe systems/networking (product testing lab, shop floor, etc.) which are outside the domain. And by that I mean my job involves a metric ton of non-IT responsibilities. Hence my cry for help :p

AD is not alien to me by any stretch, but I also don't pretend to be an expert.

Any guidance would be most appreciated. :)
"Today is a black day in the history of mankind."

- Leo Szilard
YeOldeStonecat
SG VIP
Posts: 51171
Joined: Mon Jan 15, 2001 12:00 pm
Location: Somewhere along the shoreline in New England

Post by YeOldeStonecat »

How will they be logging in?
MORNING WOOD Lumber Company
Guinness for Strength!!!
Faust
Posts: 8730
Joined: Sat Apr 22, 2000 4:34 am
Location: Huntington Beach, CA

Post by Faust »

Ideally HP RGS, with LogMeIn as a backup so they'll be using their regular credentials.
Faust
Posts: 8730
Joined: Sat Apr 22, 2000 4:34 am
Location: Huntington Beach, CA

Post by Faust »

As a refinement of my original question... I suppose it's just more auditing of AD activity (file/folder access on the server) by a user. He doesn't have privileges to create or delete accounts or anything. We'd just like some traceability. No need for Untangle or Snort type network monitoring.
YeOldeStonecat
SG VIP
Posts: 51171
Joined: Mon Jan 15, 2001 12:00 pm
Location: Somewhere along the shoreline in New England

Post by YeOldeStonecat »

Sounds like the basic logs in event viewer, look for "log on" events. May be enough for you. Haven't had the need to find 3rd party tools to track that further.
Churritos
New Member
Posts: 1
Joined: Sat Dec 01, 2012 4:01 pm

Post by Churritos »

If you don’t need any filtering or reporting, you should be able to use the native audit logs to do this—you’ll just have to make sure that you keep your eye on the logs. If you need to be alerted of specific changes, I’d recommend some third-party tools because native auditing doesn’t provide it. My IT department uses the freeware versions of NetWrix Active Directory Change Reporter and NetWrix File Server Change Reporter (the tools send reports that highlight all changes, deletions and additions to AD and file servers), and I think they’ll be useful in your case. Quest and ScriptLogic also offer some excellent tools.
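
The native-log approach suggested in the replies above, as an added example that is not part of any post in this thread: a PowerShell script that pulls one account's logon and file/share access events from the Security log into a CSV. It assumes Windows Server 2008 or later event IDs, PowerShell 3.0 or later, that logon and file-system auditing (with SACLs on the folders of interest) is already enabled, and a hypothetical account name `remote.engineer`.

```powershell
# Added example, not from the thread. Run elevated on the server that holds the logs.
# Assumes Server 2008+ event IDs and that audit policy / folder SACLs are already set.
param(
    [string]$UserName = 'remote.engineer',   # hypothetical account name
    [int]$Days = 7
)

# 4624 = logon, 4625 = failed logon, 4634 = logoff,
# 5140 = network share accessed, 4663 = file/folder access attempt
$filter = @{
    LogName   = 'Security'
    Id        = 4624, 4625, 4634, 5140, 4663
    StartTime = (Get-Date).AddDays(-$Days)
}

Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Read fields by name from the XML view; positional order differs per event ID
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        # Logon events name the account in TargetUserName, access events in SubjectUserName
        $account = if ($data['TargetUserName']) { $data['TargetUserName'] }
                   else { $data['SubjectUserName'] }
        if ($account -ne $UserName) { return }   # skip events for other accounts

        [pscustomobject]@{
            Time      = $_.TimeCreated
            EventId   = $_.Id
            Account   = $account
            LogonType = $data['LogonType']       # 3 = network, 10 = remote interactive
            SourceIp  = $data['IpAddress']
            Object    = if ($data['ObjectName']) { $data['ObjectName'] }
                        else { $data['ShareName'] }
        }
    } |
    Sort-Object Time |
    Export-Csv -Path ".\audit-$UserName.csv" -NoTypeInformation
```

Run from a scheduled task, this gives a periodic record to review, which covers the "keep your eye on the logs" part without a third-party tool; it does not alert on its own.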