Recent Poll reveals Active Directory Auditing lags

In a partnership with NetWrix and Spiceworks, a recent poll asked members if they were auditing Active Directory events and what events in particular they would like to know more about. The results were that most members are not currently auditing Active Directory events. Of those that responded, Group Policy and Delegation events were of greatest interest.

The majority of respondents (75%) indicated they currently do not monitor Active Directory events.

Active Directory Auditing Enabled

This should come as no surprise. Native Active Directory logging is far from user-friendly. Poring over logs of mostly noise to find that one nugget of valuable information is time-consuming, confusing, and highly error-prone. When you finally do find the information you were looking for, odds are it wasn’t worth your time and you still won’t have all the details such as who made what change and where. These are the reasons auditing is not widely adopted by IT organizations.

Active Directory Changes - Who What When

Nearly 90% of Spiceworks members who participated in the poll indicated that they would like to know WHAT the change was, WHO made the change and WHEN. Again, native Active Directory logging does not reveal this, making it extremely difficult to get these answers. This is a unique strength of NetWrix Active Directory Change Reporter. Instead of having to dig through logs, you get an e-mail report providing all this detail.

Most Interesting AD Events

Of those that responded (63.9%), Group Policy changes are the most interesting events in Active Directory. This too should not be any surprise. The great power in AD is the design, facilitating the distribution, security and management of user and computer rights using reusable and modifiable policy templates. These templates allow or deny access and permissions to every behavior and resource in the environment and should be audited regularly.

Organizations that are auditing their Active Directory and Group Policy events have a better understanding of the environment, are more secure and greatly reduce the risk of major problems as a result. With NetWrix Active Directory Change Reporter you can know who, what, when and where a change took place in your Active Directory and Group Policy without having to look through logs or visit multiple machines. This all takes place automatically and delivers a report you and management can read and understand. The product installs in minutes and you can be auditing your entire AD and Group Policies in a matter of minutes without major software deployments or expense.

Currently, we are working with Spiceworks to develop an integrated Active Directory auditing plug-in. This plug-in will help Spiceworks members benefit from our award-winning technology by expanding AD auditing visibility. Our goal is to provide the community with new features and capabilities that will empower members to improve overall security and systems integrity through enhanced AD auditing.

Please share your thoughts and comments below.

Images were used with permission from Spiceworks.