Shawn,

Separate verification that what Gil is telling you is correct.  I've needed
to set up just the same to manage some issues with an Admin that had rights
that he really shouldn't have, yet was mandated by management that he have
them.  The only way to convince management was to prove that the problems
being caused were coming from the careless actions of the Admin.  

On another note, code name for MACS before the name was settled on -
DAD..... Meant to 'co-exist' with MOM, but Distributed Auditing Device was
not a real Marketing win.....  Not that I think Microsoft Audit Collection
Server is all that much better...

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, October 28, 2003 4:16 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] 

File and Object auditing on the Sysvol and Policies directory explicitly
should do the trick???...At least this would show who was making changes.
At that point I can confront that person..

Sound correct?

Thanks Gil 


Shawn


-----Original Message-----
From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 28, 2003 5:12 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] 

You can set up auditing in AD on the GPOs themselves by setting the SACLs...
The accesses will show up in the security audit log. You can likewise set up
auditing on the SYSVOL to track changes on the files. Use your favorite
event log collector (e.g., Microsoft's MACS, which is in Beta).
But translating the resulting mess of event log entries into something
meaningful will be a challenge. And you won't be able to tell specifically
what was changed.... Just that it was changed.

-gil
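
Gil's point about turning raw audit entries into something readable, as an added example that is not part of the original thread: it groups write-type audit events by GPO GUID and account. The event IDs (4663 for file access, 5136 for directory object changes) are those of later Windows versions, and the record layout, GUID, domain and account names are constructed for illustration.

```python
import re
from collections import defaultdict

GUID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
# File access bits that indicate a change: WriteData, AppendData, DELETE, WRITE_DAC
WRITE_MASK = 0x2 | 0x4 | 0x10000 | 0x40000

G1 = "{11111111-2222-3333-4444-555555555555}"       # constructed GPO GUID
POL = "C:\\WINDOWS\\SYSVOL\\domain\\Policies\\" + G1   # SYSVOL side of the GPO
DN = "CN=" + G1 + ",CN=Policies,CN=System,DC=corp,DC=example"  # AD side
# Constructed records, flattened the way a log collector might export them.
EVENTS = [
    {"id": 4663, "time": "2024-03-05T09:14:02", "user": "CORP\\WS01$", "object": POL + "\\GPT.INI", "mask": "0x1"},
    {"id": 4663, "time": "2024-03-05T13:02:11", "user": "CORP\\dba1", "object": POL + "\\Machine\\Registry.pol", "mask": "0x2"},
    {"id": 4663, "time": "2024-03-05T13:02:12", "user": "CORP\\dba1", "object": POL + "\\GPT.INI", "mask": "0x6"},
    {"id": 5136, "time": "2024-03-05T13:02:12", "user": "CORP\\dba1", "object": DN, "attr": "versionNumber"},
    {"id": 4663, "time": "2024-03-05T13:05:40", "user": "CORP\\dba1", "object": "D:\\Data\\report.xls", "mask": "0x2"},
]

def gpo_changes(events):
    """Group write-type audit events by GPO GUID, then by account."""
    out = defaultdict(dict)
    for ev in sorted(events, key=lambda e: e["time"]):
        m = GUID.search(ev["object"])
        if not m or "policies" not in ev["object"].lower():
            continue                      # not a GPO file or GPO container
        if ev["id"] == 4663:
            if not int(ev["mask"], 16) & WRITE_MASK:
                continue                  # read-only, e.g. a client applying policy
            what = ev["object"].rsplit("\\", 1)[-1]
        elif ev["id"] == 5136:
            what = "AD:" + ev["attr"]     # attribute changed on the GPO object
        else:
            continue
        who = out[m.group(0).upper()].setdefault(
            ev["user"], {"first": ev["time"], "last": ev["time"], "touched": set()})
        who["last"] = ev["time"]
        who["touched"].add(what)
    return dict(out)

if __name__ == "__main__":
    for guid, users in gpo_changes(EVENTS).items():
        for user, info in users.items():
            print(guid, user, info["first"], info["last"], sorted(info["touched"]))
```

The result names the account, the GPO and the files or attributes written, but, as the reply above says, not which setting was changed.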

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, October 28, 2003 3:00 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] 


Great, but anything built in to the OS?  Any way I can point a finger at a
DBA that is poking his hands where they do not belong.  Please don't ask why
they have rights....aarrgghhh 


Shawn


-----Original Message-----
From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 28, 2003 4:46 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] 

FullArmor FAZAM GPO Auditor...  www.fullarmor.com

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, October 28, 2003 2:26 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] 


I believe a GPO was modified by someone with the appropriate 'rights', but
that person did not communicate changes were to be made and now we see some
strange issues....

Issues are not the point of this question.  Does anyone know of a way to
determine who modified the GPO?

Thanks in advance,
Shawn



List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
