Module 12: Auditing Active Directory Domain Services Changes.
derek-poole
Transcript of Module 12: Auditing Active Directory Domain Services Changes.
![Page 1: Module 12: Auditing Active Directory Domain Services Changes.](https://reader035.fdocuments.us/reader035/viewer/2022062517/56649e875503460f94b8af52/html5/thumbnails/1.jpg)
Module 12: Auditing Active Directory Domain Services Changes
![Page 2: Module 12: Auditing Active Directory Domain Services Changes.](https://reader035.fdocuments.us/reader035/viewer/2022062517/56649e875503460f94b8af52/html5/thumbnails/2.jpg)
Overview
Identify new features in AD DS auditing
Implement AD DS auditing
![Page 3: Module 12: Auditing Active Directory Domain Services Changes.](https://reader035.fdocuments.us/reader035/viewer/2022062517/56649e875503460f94b8af52/html5/thumbnails/3.jpg)
Lesson 1: What’s New with AD DS Auditing
Identify the four new auditing subcategories
List the new capabilities enabled with the new auditing subcategories
![Page 4: Module 12: Auditing Active Directory Domain Services Changes.](https://reader035.fdocuments.us/reader035/viewer/2022062517/56649e875503460f94b8af52/html5/thumbnails/4.jpg)
Auditing Overview
Audit directory service access
Directory service access events: 566
Description: A generic object operation took place.
![Page 5: Module 12: Auditing Active Directory Domain Services Changes.](https://reader035.fdocuments.us/reader035/viewer/2022062517/56649e875503460f94b8af52/html5/thumbnails/5.jpg)
Auditing with Windows Server 2008
Audit Directory Service Access
Directory Service Access
Directory Service Changes
Directory Service Replication
Detailed Directory Service Replication
![Page 6: Module 12: Auditing Active Directory Domain Services Changes.](https://reader035.fdocuments.us/reader035/viewer/2022062517/56649e875503460f94b8af52/html5/thumbnails/6.jpg)
Lesson 2: Implementing AD DS Change Auditing
Describe the global audit policy
Describe the System Access Control List
Describe how the schema can be used to filter events that are audited
List the event ID for directory service access events
Describe attribute syntaxes
![Page 7: Module 12: Auditing Active Directory Domain Services Changes.](https://reader035.fdocuments.us/reader035/viewer/2022062517/56649e875503460f94b8af52/html5/thumbnails/7.jpg)
Global Audit Policy
Windows Server 2000 and Windows Server 2003
Directory service access events: 566
Description: A generic object operation took place.
Windows Server 2008
Directory service access events: 4662
Description: A generic object operation took place.
![Page 8: Module 12: Auditing Active Directory Domain Services Changes.](https://reader035.fdocuments.us/reader035/viewer/2022062517/56649e875503460f94b8af52/html5/thumbnails/8.jpg)
System Access Control List
SACL
![Page 9: Module 12: Auditing Active Directory Domain Services Changes.](https://reader035.fdocuments.us/reader035/viewer/2022062517/56649e875503460f94b8af52/html5/thumbnails/9.jpg)
Schema
[Diagram labels: Schema; Event Type 1 through Event Type 5; Audited]
![Page 10: Module 12: Auditing Active Directory Domain Services Changes.](https://reader035.fdocuments.us/reader035/viewer/2022062517/56649e875503460f94b8af52/html5/thumbnails/10.jpg)
New AD DS Auditing Events
Modify 5136
Create 5137
Undelete 5138
Move 5139
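As an added example (not part of the original slides), the following Python sketch turns exported Security-log XML into one record per directory change, merging the "value deleted" and "value added" halves of a 5136 modify into an old/new pair. The event data field names and OperationType codes follow the standard layout of these events and do not appear on the slides; the sample events, account names and DNs are constructed.

```python
import xml.etree.ElementTree as ET

URI = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": URI}
OPERATIONS = {5136: "Modify", 5137: "Create", 5138: "Undelete", 5139: "Move"}  # from the slide
SIDE = {"%%14674": "new", "%%14675": "old"}  # 5136 OperationType: value added / value deleted

def make_event(event_id, **data):
    """Build one constructed event in the Windows event XML layout."""
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{URI}"><System><EventID>{event_id}</EventID></System>'
            f'<EventData>{fields}</EventData></Event>')

# Constructed sample log: names, DNs and values are made up for this example.
OU = "OU=Lab,DC=example,DC=test"
MOD = dict(SubjectUserName="alice", OpCorrelationID="{c0ffee00-0000-4000-8000-000000000001}",
           ObjectDN=f"CN=Svc,{OU}", AttributeLDAPDisplayName="description")
SAMPLE = "<Events>" + "".join([
    make_event(5137, SubjectUserName="alice", ObjectDN=f"CN=Svc,{OU}"),
    make_event(4662, SubjectUserName="bob", ObjectName=f"CN=Svc,{OU}"),
    make_event(5136, OperationType="%%14675", AttributeValue="old text", **MOD),
    make_event(5136, OperationType="%%14674", AttributeValue="new text", **MOD),
    make_event(5139, SubjectUserName="alice", OldObjectDN=f"CN=Svc,{OU}",
               NewObjectDN="CN=Svc,OU=Prod,DC=example,DC=test"),
]) + "</Events>"

def summarize(xml_text):
    """One record per change; the delete/add halves of a 5136 modify are merged."""
    records, modifies = [], {}
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        event_id = int(ev.findtext("e:System/e:EventID", namespaces=NS))
        if event_id not in OPERATIONS:
            continue  # e.g. 4662 access events record no old/new values
        d = {x.get("Name"): x.text or "" for x in ev.iterfind("e:EventData/e:Data", NS)}
        rec = {"op": OPERATIONS[event_id], "who": d.get("SubjectUserName"),
               "object": d.get("ObjectDN") or d.get("NewObjectDN")}
        if event_id == 5136:
            key = (d.get("OpCorrelationID"), rec["object"], d.get("AttributeLDAPDisplayName"))
            if key not in modifies:
                modifies[key] = dict(rec, attribute=key[2], old=[], new=[])
                records.append(modifies[key])
            side = SIDE.get(d.get("OperationType"))
            if side:
                modifies[key][side].append(d.get("AttributeValue"))
        else:
            records.append(dict(rec, moved_from=d.get("OldObjectDN")))
    return records

if __name__ == "__main__":
    for record in summarize(SAMPLE):
        print(record)
```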
![Page 11: Module 12: Auditing Active Directory Domain Services Changes.](https://reader035.fdocuments.us/reader035/viewer/2022062517/56649e875503460f94b8af52/html5/thumbnails/11.jpg)
Example 1
![Page 12: Module 12: Auditing Active Directory Domain Services Changes.](https://reader035.fdocuments.us/reader035/viewer/2022062517/56649e875503460f94b8af52/html5/thumbnails/12.jpg)
Example 2
![Page 13: Module 12: Auditing Active Directory Domain Services Changes.](https://reader035.fdocuments.us/reader035/viewer/2022062517/56649e875503460f94b8af52/html5/thumbnails/13.jpg)
Attribute Syntaxes
Registry setting information is as follows:
Location: HKLM\System\CurrentControlSet\Services\NTDS\
Setting name: MaximumStringBytesToAudit
Type: REG_DWORD
Values
Default registry value: 1000
Minimum registry value: 0
Maximum registry value: 64000