Monitoring changes in Active Directory with built-in tools Tracking Down Attackers
ADMIN Network & Security|ADMIN #74: Software-Defined Networking
Monitoring with built-in Windows tools can prevent the worst from happening after an attempted attack.
- Mark Heitbrink.

For the first, crucial findings during incident and event management on Windows, you do not need to look any further than the existing Event Viewer logs. With Windows Server 2008 and Vista, Microsoft introduced a more granular approach: audit events are sorted into categories and subcategories for finer-grained monitoring and recording. Typing

auditpol /list /subcategory:*

auditpol /get /category:*

at the command line gives a quick overview of the available subcategories (first command) and shows the currently effective audit configuration (second command).

You will usually control the Advanced Audit Policy Configuration settings with a group policy, although you can also set them at the command line. For the configuration to take effect, it must be enabled. On newly installed systems the correct value is set by default and does not need to be defined explicitly; however, best practice is to enforce this value with group policy for safety's sake. The reason lies in legacy Active Directory (AD) domains installed on Windows Server 2000/2003 whose Default Domain Controllers Policy has never been edited or still uses the obsolete, category-based audit policy. Once the Advanced Audit Policy Configuration is in use, you can reset the previous configuration to Not configured. To enforce it, enable Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings under Computer Configuration | Windows Settings | Security Settings | Local Policies | Security Options; the subcategory settings then override any existing category-based audit settings.
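The two checks above, as an added PowerShell example that is not part of the article: it parses the CSV output of auditpol /get /category:* /r to list subcategories that currently record nothing, and reads the registry value SCENoApplyLegacyAuditPolicy (the backing value of the "force subcategory settings" security option) to confirm that the advanced audit policy actually takes precedence. It assumes an elevated prompt on the system being checked.

```powershell
# Added example (not from the article): report the effective advanced audit
# policy and confirm that subcategory settings override the legacy categories.
# Assumes an elevated PowerShell prompt on the system being audited.

function Get-AuditSubcategoryState {
    # auditpol /r emits CSV with the columns: Machine Name, Policy Target,
    # Subcategory, Subcategory GUID, Inclusion Setting, Exclusion Setting
    $csv = auditpol /get /category:* /r | Where-Object { $_ -ne '' }
    $csv | ConvertFrom-Csv | ForEach-Object {
        [pscustomobject]@{
            Subcategory = $_.Subcategory
            Setting     = $_.'Inclusion Setting'
            Audited     = ($_.'Inclusion Setting' -ne 'No Auditing')
        }
    }
}

function Test-SubcategoryOverride {
    # Backing registry value of "Audit: Force audit policy subcategory settings
    # (Windows Vista or later) to override audit policy category settings"
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $prop = Get-ItemProperty -Path $key -Name SCENoApplyLegacyAuditPolicy -ErrorAction SilentlyContinue
    return ($null -ne $prop -and $prop.SCENoApplyLegacyAuditPolicy -eq 1)
}

$state     = @(Get-AuditSubcategoryState)
$unaudited = @($state | Where-Object { -not $_.Audited })

"{0} of {1} audit subcategories currently record nothing:" -f $unaudited.Count, $state.Count
$unaudited | ForEach-Object { "  {0}" -f $_.Subcategory }

if (Test-SubcategoryOverride) {
    'Subcategory override is enforced (SCENoApplyLegacyAuditPolicy = 1).'
} else {
    'WARNING: override not enforced; a legacy category-based audit policy in a GPO can silently replace these settings.'
}
```

Run it on each domain controller (or through a remoting session) after applying the group policy to verify that the settings you expect are the ones that are actually in effect.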

Events: Spoiled for Choice
