Active Directory Security dot com

Complete Coverage of Delegation, Security Audit & Compliance Reporting in Active Directory

Brought to you by former Microsoft Program Manager for Active Directory Security
REFERENCE GUIDANCE REPORTING
Reference | Top-20 D | Risks | FAQ Delegate | Verify | Assess | Audit | Report | Comply Reports Free Tools
| Overview | What To Audit in Active Directory | Top-50 Security Audit Reports | How to Audit Security |




What to Audit in Active Directory




Active Directory is the focal point of IT security audit and regulatory compliance reporting in a Microsoft Winodows Server based IT infrastructure.

IT Managers and IT admins are often tasked with auditing Active Directory to fulfil internal security audit and external regulatory compliance requirements.

This section helps IT managers and IT admins understand what IT resources (and what security aspects thereof) in the Active Directory should be included in audits.

Resources covered in this section include –

  • Domain User Accounts and Domain-Joined Computers (Accounts)
  • Domain Security Groups
  • Organizational Units and Containers




What to Include in an Active Directory Audit   –


Resources to include in an Audit Aspects of resource to include in Audit

1. Domain User Accounts

Domain user accounts need to be audited because they are used to authenticate users and provide authorized access to organizational IT resources.
  • User Account Status
    (e.g. Disabled, Expired, Locked)
  • User Account Activity
    (e.g. Active, Inactive, Last Logon)
  • User Account Security
    (e.g. Password Required, Expires)
  • User Account Administration
    (Who can manage accounts?)

2. Domain-joined Computers (Accounts)

Domain-joined computers (i.e. their accounts) need to be audited because they are in fact Kerberos security principals that play an essential role in providing end-users secure access to network resources and in providing secure distributed access to resources stored on them.
  • Computer Account Status
    (e.g. Enabled, Disabled, Locked)
  • Computer Account Activity
    (e.g. Active, Inactive, Last Logon)
  • Computer Account Security
    (e.g. Trusted for Delegation)

3. Domain Security Groups

Domain security groups need to be audited because they are used to aggregate users for the purpose of provisioning (enabling) authorized access to organizational IT resources.
  • Security Group Status
    (e.g. Type, Scope)
  • Security Group Membership
    (e.g. Members, Member Count)
  • Security Group Nesting
    (e.g. Membership in other Groups)
  • Security Group Administration
    (Who can manage groups?)

4. Organizational Units & Containers

Organizational units and containers need to be audited because they are used to store and protect IT resources residing in the Active Directory.
  • OU & Container Status
    (e.g. Created On, Linked GPOs)
  • OU & Container Contents
    (e.g. Object count)
  • OU & Container Administration
    (Who can manage OUs?)
                 What if you could instantly generate 100 essential Active Directory security audit reports for FREE?

You can, with the Gold Finger Active Directory Reporting Tool           Download your Free copy          
< About Copyright ActiveDirSec.Com 2008 – 2010. All Rights Reserved Disclaimer >