How far out of beta is it? -------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc.
> -----Original Message----- > From: Free, Bob [mailto:[EMAIL PROTECTED] > Sent: Wednesday, October 29, 2003 2:08 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] > > > Microsoft Audit Collection System, formerly known by the > codename "DAD", > is a system for consolidating and analyzing security event logs. > > It is a client/server application consisting of an agent, which is > implemented as a service running on the monitored machine, and a > collector, which runs as a service on a machine dedicated to > that task. > The agent monitors the security log for changes and transmits > new events > to the collector as they occur. The collector breaks the events apart > and loads them into a database in a manner optimized for > later analysis. > > -----Original Message----- > From: Roger Seielstad [mailto:[EMAIL PROTECTED] > Sent: Wednesday, October 29, 2003 10:43 AM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] > > I'm appearantly way behind. WTF is MACS? > > -------------------------------------------------------------- > Roger D. Seielstad - MTS MCSE MS-MVP > Sr. Systems Administrator > Inovis Inc. > > > > -----Original Message----- > > From: Diane Ayers [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, October 28, 2003 10:56 PM > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] > > > > > > I was waiting for "BRO" and "SIS" to come along too after > MOM and DAD. > > Maybe they were to close to "BOB" and made someone nervous :-) > > > > Diane > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of > Rick Kingslan > > Sent: Tuesday, October 28, 2003 6:28 PM > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] > > > > Shawn, > > > > Separate verification that what Gil is telling you is > correct. I've > > needed to set up just the same to manage some issues with an Admin > > that had rights that he really shouldn't have, yet was mandated by > > management that he have them. The only way to convince > management was > > > to prove that the problems being caused were coming from > the careless > > actions of the Admin. > > > > On another note, code name for MACS before the name was > settled on - > > DAD..... Meant to 'co-exist' with MOM, but Distributed > Auditing Device > > > was not a real Marketing win..... Not that I think Microsoft Audit > > Collection Server is all that much better... > > > > Rick Kingslan MCSE, MCSA, MCT > > Microsoft MVP - Active Directory > > Associate Expert > > Expert Zone - www.microsoft.com/windowsxp/expertzone > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of > > [EMAIL PROTECTED] > > Sent: Tuesday, October 28, 2003 4:16 PM > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] > > > > File and Object auditing on the Sysvol and Policies directory > > explicitly should do the trick???...At least this would > show who was > > making changes. > > At that point I can confront that person.. > > > > Sound correct? > > > > Thanks Gil > > > > > > Shawn > > > > > > -----Original Message----- > > From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, October 28, 2003 5:12 PM > > To: '[EMAIL PROTECTED]' > > Subject: RE: [ActiveDir] > > > > You can set up auditing in AD on the GPOs themselves by setting the > > SACLs... > > The accesses will show up in the security audit log. You > can likewise > > set up auditing on the SYSVOL to track changes on the > files. Use your > > favorite event log collector (e.g., Microsoft's MACS, which is in > > Beta). > > But translating the resulting mess of event log entries > into something > > > meaningful will be a challenge. And you won't be able to tell > > specifically what was changed.... Just that it was changed. > > > > -gil > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of > > [EMAIL PROTECTED] > > Sent: Tuesday, October 28, 2003 3:00 PM > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] > > > > > > Great, but anything built in to the OS? Anyway I can point > a finger > > at a DBA that is poking is hands where they do not belong. Please > > don't ask why they have rights....aarrgghhh > > > > > > Shawn > > > > > > -----Original Message----- > > From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, October 28, 2003 4:46 PM > > To: '[EMAIL PROTECTED]' > > Subject: RE: [ActiveDir] > > > > FullArmor FAZAM GPO Auditor... www.fullarmor.com > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of > > [EMAIL PROTECTED] > > Sent: Tuesday, October 28, 2003 2:26 PM > > To: [EMAIL PROTECTED] > > Subject: [ActiveDir] > > > > > > I believe a GPO was modified by someone with the > appropriate 'rights', > > > but that person did not communicate changes were to be made > and now we > > > see some strange issues.... > > > > Issues are not the point of this question. Does anyone > know of a way > > to determine who modified the GPO? > > > > Thanks in advance, > > Shawn > > > > > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > > > > > > List info : > > http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > > > > List info : > > http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
