Set audit permissions in the AD object SACLs


After activating the audit policies you must set the audit permissions for AD objects (SACL) accordingly.

 

Configuring the SACL requires the user right "Manage auditing and security log" (this corresponds to the privilege "SeSecurityPrivilege"). You must be a member of the "event log reader" or domain admin group.

 

The SACL only needs to be configured on one of the domain controllers. All other DCs receive the configuration via replication.

 


 

Start "Active Directory Users and Computers" on a DC by opening

 

dsa.msc





 

Activate the option "Advanced Features".





 

Select the domain that you want to monitor by right-clicking on it and selecting "Properties".





 

In the properties window, select the tab "Security" and then click on "Advanced".





 

Select the tab "Auditing".

 

Review the existing audit entries. The required permissions may already exist.

 

If required, expand the access rights of an existing "Everyone" principal or add the desired entry.





 

At minimum, the following is required:

Principal: "Everyone"

Type: "Successful"

Apply to: "This object and all descendant objects"

 

Permissions:

Write all properties

Delete

Delete subtree

Modify permissions

Create all child objects

Delete all child objects
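
The same check and minimum entry can be scripted. The following is an added example, not part of the vendor documentation: it assumes the ActiveDirectory PowerShell module and an elevated session on a DC under an account holding SeSecurityPrivilege. It reads the domain root's SACL, works out which of the permissions listed above are not yet audited for "Everyone", and adds the audit entry only if something is missing.

```powershell
# Added example (not vendor code). Assumes: RSAT ActiveDirectory module,
# elevated session on a DC, account with "Manage auditing and security log".
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

$domainDn = (Get-ADDomain).DistinguishedName
$path     = "AD:\$domainDn"

# "Everyone" via its well-known SID, so the script is independent of OS language.
$everyone = New-Object System.Security.Principal.SecurityIdentifier(
    [System.Security.Principal.WellKnownSidType]::WorldSid, $null)

# Minimum permissions from the list above, expressed as ActiveDirectoryRights:
# Write all properties, Delete, Delete subtree, Modify permissions,
# Create all child objects, Delete all child objects.
$required = [System.DirectoryServices.ActiveDirectoryRights]'WriteProperty, Delete, DeleteTree, WriteDacl, CreateChild, DeleteChild'

# -Audit loads the SACL as well as the DACL.
$acl = Get-Acl -Path $path -Audit

# Collect rights already audited for Everyone / Success on
# "This object and all descendant objects", not limited to one object type.
$covered = 0
$explicit = $acl.GetAuditRules($true, $false, [System.Security.Principal.SecurityIdentifier])
foreach ($r in $explicit) {
    $match = $r.IdentityReference.Value -eq $everyone.Value -and
             $r.AuditFlags.HasFlag([System.Security.AccessControl.AuditFlags]::Success) -and
             $r.InheritanceType -eq 'All' -and
             $r.ObjectType -eq [Guid]::Empty -and
             $r.InheritedObjectType -eq [Guid]::Empty
    if ($match) { $covered = $covered -bor [int]$r.ActiveDirectoryRights }
}

$missing = [int]$required -band (-bnot $covered)
if ($missing -eq 0) {
    Write-Output "Required audit entry already present on $domainDn"
} else {
    Write-Output ("Missing audited rights: " + [System.DirectoryServices.ActiveDirectoryRights]$missing)
    $rule = New-Object System.DirectoryServices.ActiveDirectoryAuditRule(
        $everyone, $required,
        [System.Security.AccessControl.AuditFlags]::Success,
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)
    $acl.AddAuditRule($rule)
    Set-Acl -Path $path -AclObject $acl
    Write-Output "Audit entry added on $domainDn"
}
```

Running the script a second time should report that the entry is already present, which also confirms that the SACL change was written.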