Tutorial - Free Auditing of Active Directory for Information Security

Active Directory within a large organization goes through a lot of changes throughout the day. There are a lot of possibilities for error, creation of accounts with high privileges or missing the disabling task on an employee leaving the company.

Information Security Teams need fast and easily readable auditing, possibly with automation.

The tool

While there are several excellent products that perform this function, auditing of Active Directory can become a costly endeavor. NetWrix has a free version of their Active Directory Change Reporter. It can be installed on any computer that is a member of the domain. Here is a screenshot of the configuration screen:

The process
The auditing is performed by taking a 'snapshot' of the Active Directory Domain state at scheduled intervals. This snapshot is stored in a directory, and can be used to create HTML reports of the changes that happened between two 'snapshots'. There is even an automated reporting which will deliver report on changes to the directory at predefined schedules.

The report clearly displays what objects have been added, removed or modified within the Active Directory Domain. Ofcourse, additional history like who made the change and when can be obtained via the commercial version, but even in the free version it produces a nice set of information.

Here is a screenshot of the report

While the Free version of NetWrix is far in functionality from the big players, it provides an clear and automated reporting. It is a good choice to start with the free version, and prepare for purchasing a commercial tool by learning from it and noting which functionalities you require that this tool does not deliver.

Talkback and comments are most welcome

Related posts
Controlling Firefox Through Active Directory

No comments:

Designed by Posicionamiento Web