I'm curious, do you have any more details? -----Original Message----- From: Grillenmeier, Guido [mailto:[EMAIL PROTECTED] Sent: Thursday, June 10, 2004 2:47 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Security
don't use the Restricted Groups feature on domain groups, especially domain admins. This has caused various issues for companies and thus they've backed away from this approach. However, using restricted groups on member servers and clients works well. \Guido -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Passo, Larry Sent: Donnerstag, 10. Juni 2004 19:38 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Security If you want to make sure that no one is added to the group you could make the group a Restricted Group via a GPO. If you want to know when a user is added to the group, you could use a GPO to turn on auditing of "Account Management" but then you would have to search the audit logs of all of the DCs in the domain to find the activity. Or you could write a script that looked at the group membership and compared it with a pre-determined list. Then execute the script on a schedule of your choice. -----Original Message----- From: Aaron Visser [mailto:[EMAIL PROTECTED] Sent: Thursday, June 10, 2004 9:51 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Security I need to know when the Domain Admin Group has a user added to it or at least have that operation audited, is there anyway to perform this with GPO or something built into win2k server. Thanks, Aaron Visser List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
