Advanced Configurations

 

Advanced Configurations in ADAudit Plus allows a user to define one or more audit actions that needs to be reported. It facilitates filtering rules for a user to create new actions or modify any of the pre-configured actions. Filters help to define actions to suit his reporting need.

 

Default Audit Actions and Configuring New Actions

 

ADAudit Plus has a list of pre-configured Audit Actions which are associated with their respective report profile categories. Pre-Configured Audit Actions provided by ADAudit Plus are provided after a detailed study on commonly used auditing actions in various environments. To know more on the Pre-Configured Actions for Report Profile Categories, Steps to create a New Action for Report Profile Category, Copying and Modifying an Action.

 

• Account Logon

• Local Logon-Logoff

• Account Creation

• User Modification

• Computer Modification

• Group Modification

• Domain Policy Changes

• Group Policy Objects (GPO) Management Changes

• Organizational Unit (OU) Management Changes

Account Logon Category

 

Pre-Configured Actions for Account Logon in ADAudit Plus

• Logon Failure Events

• Logon Success Events

• Logon Failure Events 2000 AD

 

To configure a New Account Logon Action:

1. Click on Configuration -->> Advanced Configuration .

2. Click on "New Account Logon Action".

3. Enter the "Action Name".

4. Enter the "Description" for Action Name.

5. Enter the "Rule Group Name".

6. Create "Filter Rules".

7. A Filter Rule is a combination of a Variable and a Value connected by a relational operator.

8. The Variable and the Relational Operator can be selected from Drop Downs.

9. Variables listed in the Drop Down correspond to Account Logon.

10. Any Number of filter rules can be added to a Rule Group.

11. To add a Filter Rule, click on the Plus Icon .

12. To remove Filter Rule, click on the cross icon .

13. A Rule Group is defined by one or more filter rules combined by a common logical operator (AND or OR ).

14. Any Number of Rule Groups can be Added.

15. Click on "Add Rule Group" button to add a New Rule Group.

16. To delete a Rule Group use the "Delete Rule Group" Button.

17. Click on Update to Save the configured Action with the Action Name Provided.

 

To Modify an Account Logon Action:

1. Click on Configuration -->> Advanced Configuration .

2. Click on Modify Icon against the Account Logon Action that needs to be modified.

3. This allows to modify the Account Logon Action for the Action Selected.

To Copy an Account Logon Action

1. Click on Configuration -->> Advanced Configuration .

2. Click on Copy Icon against the Account Logon Action that needs to be copied.

3. A copy of the Action Selected is created with a Name "Copy of ****** ".

4. To modify the copy Click on Modify Icon

Top

---

Local Logon-Logoff Category

 

Pre-Configured Actions for Local Logon and Logoffs on Domain controller machines available in ADAudit Plus

• Logoff Events (Local)

• Logoff Failure Events (Local)

• Session Reconnected / Disconnected to/from Workstation

• Local Logon Success

To configure a New Local Logon-Logoff Action:

1. Click on Configuration -->> Advanced Configuration .

2. Click on "New Local Logon-Logoff Action".

3. Follow the steps as for Account Logon Action.

 

To Modify a Local Logon-Logoff Action:

1. Click on Configuration -->> Advanced Configuration .

2. Click on Modify Icon against the Account Creation Action that needs to be modified.

3. This allows to modify the Local Logon-Logoff Action for the Action Selected.

To Copy an Local Logon-Logoff Action

1. Click on Configuration -->> Advanced Configuration .

2. Click on Copy Icon against the Local Logon-Logoff Action that needs to be copied.

3. A copy of the Action Selected is created with a Name "Copy of ****** ".

4. To modify the copy Click on Modify Icon

Top

---

 

Account Creation Category

 

Pre-Configured Actions for Account Creation in ADAudit Plus

• Security Group created

• Distribution Group created

• User Account Created

• Computer Account created

To configure a New Account Creation Action:

1. Click on Configuration -->> Advanced Configuration .

2. Click on "New Account Creation Action".

3. Follow the steps as for Account Logon Action.

To Modify an Account Creation Action:

1. Click on Configuration -->> Advanced Configuration .

2. Click on Modify Icon against the Account Creation Action that needs to be modified.

3. This allows to modify the Account Creation Action for the Action Selected.

To Copy an Account Creation Action

1. Click on Configuration -->> Advanced Configuration .

2. Click on Copy Icon against the Account Creation Action that needs to be copied.

3. A copy of the Action Selected is created with a Name "Copy of ****** ".

4. To modify the copy Click on Modify Icon

Top

---

 

User Modification Category

 

Pre-Configured Actions for User Modification in ADAudit Plus

• User Account was Locked

• User Account was Unlocked

• User Password was set

• User Account Enabled

• User Account Disabled

• User Password was changed

• User Name Changed

• User Account Modified

• User Account Deleted

To configure a New User Modification Action:

 

1. Click on Configuration -->> Advanced Configuration .

2. Click on "New Account Creation Action".

3. Follow the steps as for Account Logon Action.

To Modify an User Modification Action:

1. Click on Configuration -->> Advanced Configuration .

2. Click on Modify Icon against the User Modification Action that needs to be modified.

3. This allows to modify the User Modification Action for the Action Selected.

To Copy an User Modification Action

1. Click on Configuration -->> Advanced Configuration .

2. Click on Copy Icon against the "User Modification Action" that needs to be copied.

3. A copy of the Action Selected is created with a Name "Copy of ****** ".

4. To modify the copy Click on Modify Icon

Top

---

 

 

Computer Modification Category

 

Pre-Configured Actions for Computer Modification in ADAudit Plus

• Computer account Modified

• Computer Name Changed

• Computer account deleted

• Computer account disabled

• Computer account enabled

 

To configure a New Computer Modification Action:

1. Click on Configuration -->> Advanced Configuration .

2. Click on "New Computer Modification Action".

3. Follow the steps as for Account Logon Action.

To Modify an Computer Modification Action:

1. Click on Configuration -->> Advanced Configuration .

2. Click on Modify Icon against the Computer Modification Action that needs to be modified.

3. This allows to modify the Computer Modification Action for the Action Selected.

To Copy a Computer Modification Action

1. Click on Configuration -->> Advanced Configuration .

2. Click on Copy Icon against the "Computer Modification Action" that needs to be copied.

3. A copy of the Action Selected is created with a Name "Copy of ****** ".

4. To modify the copy Click on Modify Icon

Top

---

 

 

Group Modification Category

 

Pre-Configured Actions for Group Modification in ADAudit Plus

• Distribution group deleted

• Member Added to Security Group

• Group Name Changed

• Member Removed from Security Group

• Member Removed from Distribution Group

• Security Group Deleted

• Member added to Distribution group

 

To configure a New Group Modification Action:

1. Click on Configuration -->> Advanced Configuration .

2. Click on "New Computer Modification Action".

3. Follow the steps as for Account Logon Action.

To Modify a Group Modification Action:

1. Click on Configuration -->> Advanced Configuration .

2. Click on Modify Icon against the Computer Modification Action that needs to be modified.

3. This allows to modify the Computer Modification Action for the Action Selected.

To Copy a Group Modification Action

1. Click on Configuration -->> Advanced Configuration .

2. Click on Copy Icon against the "Group Modification Action" that needs to be copied.

3. A copy of the Action Selected is created with a Name "Copy of ****** ".

4. To modify the copy Click on Modify Icon

Top

---

 

 

Domain Policy Changes Category

 

Pre-Configured Actions for "Domain Policy Changes Category" in ADAudit Plus

• Domain Policy Changed

To configure a New Domain Policy Change Action:

1. Click on Configuration -->> Advanced Configuration .

2. Click on "New Domain Policy Changes Action".

3. Follow the steps as for Account Logon Action.

To Modify a Domain Policy Change Action:

1. Click on Configuration -->> Advanced Configuration .

2. Click on Modify Icon against the Domain Policy Changes Action that needs to be modified.

3. This allows to modify the Domain Policy Changes Action for the Action Selected.

To Copy a Domain Policy Change Action

1. Click on Configuration -->> Advanced Configuration .

2. Click on Copy Icon against the "Domain Policy Changes Action" that needs to be copied.

3. A copy of the Action Selected is created with a Name "Copy of ****** ".

4. To modify the copy Click on Modify Icon

Top

---

 

 

Group Policy Object (GPO) Management Category

 

Before extracting the reports ensure that the below audit entries are enabled in the SACL (Security Access Control Limits for the Domain). Click here to view SACLs to enabled for GPOs.

Pre-configured reports for  "GPO Management" category in ADAudit Plus.

• GPOs Created

• GPOs Deleted

• GPOs Modified

• GPO Link changes

To configure a New GPO Management Action:

1. Click on Configuration -->> Advanced Configuration .

2. Click on "New GPO Management Action".

3. Follow the steps as for Account Logon Action.

To Modify a GPO Management Change Action:

1. Click on Configuration -->> Advanced Configuration .

2. Click on Modify Icon against the "GPO Management Action" that needs to be modified.

3. This allows to modify the "GPO Management Action" for the Action Selected.

To Copy a GPO Management Change Action

1. Click on Configuration -->> Advanced Configuration .

2. Click on Copy Icon against the "GPO Management Action" that needs to be copied.

3. A copy of the Action Selected is created with a Name "Copy of ****** ".

4. To modify the copy Click on Modify Icon

Top

---

 

Organizational Unit (OU) Management Category

 

Before extracting the OU change reports ensure that the below audit entries for OUs are enabled in the SACL (Security Access Control Limits for the Domain). Click here to view SACLs to enabled for GPOs.

Pre-configured reports for  "OU Management" category in ADAudit Plus.

• OUs Created

• OUs Deleted

• OUs Modified

To configure a New OU Management Action:

1. Click on Configuration -->> Advanced Configuration .

2. Click on "New OU Management Action".

3. Follow the steps as for Account Logon Action.

To Modify a OU Management Change Action:

1. Click on Configuration -->> Advanced Configuration .

2. Click on Modify Icon against the "OU Management Action" that needs to be modified.

3. This allows to modify the "OU Management Action" for the Action Selected.

To Copy a OU Management Change Action

1. Click on Configuration -->> Advanced Configuration .

2. Click on Copy Icon against the "OU Management Action" that needs to be copied.

3. A copy of the Action Selected is created with a Name "Copy of ****** ".

4. To modify the copy Click on Modify Icon

Top

---