Auditing* Delegated Access in Active Directory
Active Directory is the foundation of identity and access management and the focal point of administrative delegation in a Microsoft Windows Server-based IT infrastructure.
Administrative authority for vital aspects of IT management (such as user account and group management) is delegated in Active Directory.
Auditing who has what administrative access for vital IT management functions must thus be an essential component of every organization's IT security apparatus.
Active Directory security audits are therefore an integral part of an organization's IT security audit requirements and processes, and of an organization's controls aimed at demonstrating regulatory compliance.
This section helps IT administrators and managers understand the challenges in auditing delegated access in Active Directory and shows them how to accurately audit delegations in Active Directory.
* The term "auditing" as used here refers to the business process of performing an audit of IT resources, as opposed to the generation of an entry in an audit log that denotes the occurrence of a specific event.