Netwrix recognized in Gartner’s 2020 Market Guide for File Analysis Software Learn More
15 December, 2016 | Russell Smith

Security Tip: Detect Permission Changes in Active Directory

In this tip, I will show you how to enable auditing for changes to permissions on Active Directory objects. The following changes will log Event ID 5136 whenever someone successfully delegates or changes permissions on an object in Active Directory. The first step is to enable auditing of...
27 October, 2016 | Matt Hopton

Detecting Delegated Permissions in Active Directory

Security permissions in Active Directory can be a tricky topic. Not only does Microsoft hide them from you by default in Users and Computers, there is also no built-in tool to get an overall picture of how permissions have been applied to AD. In this article, I’ll take you through the basics...
8 April, 2016 | Troy Thompson

Group Policy for Password Monitoring

As an administrator, you have to ensure that your network is secure.  A big part of that includes deciding on a password strategy for user accounts and administrator accounts.  You can educate your users on best practices for password creation but you can also enable policies that force users to...
5 February, 2016 | Jeff Melnick

How to Detect Who Disabled a User Account in Active Directory

Users whose accounts have been disabled, either accidentally or maliciously, are unable to log into IT systems using Windows authentication. Those who are already logged in might experience problems accessing email, files, SharePoint, etc. By native auditing you should go through 6 steps listed...
21 October, 2015 | Jeff Melnick

How Should IT Handle User Termination

Employment termination, as well as taking aboard the new hires, is an ongoing process for every organization. People get fired, quit/resign, replacements are found – it’s a never-ending story. IT departments, among others, have to handle account deletions and other actions related to employee...
3 June, 2015 | Russell Smith

Manage Local Administrator Account Passwords using LAPS

Active Directory is a centralized directory service that manages domain computer and user accounts, and device configuration using Group Policy. But with the exception of domain controllers (DCs), devices joined to a domain retain local user accounts. In a domain environment, local administrator...
15 April, 2015 | Adam Bertram

Local Administrator Group Changes: Get Notified with PowerShell

Picture this.  You work at a company that prides itself on it’s security practices.  They’ve got firewalls, IDS/IPS systems, routinely perform security audits, keep patches up to date and have a really expensive SIEM product that generates alerts the moment something fishy goes on. A very...
17 March, 2015 | Russell Smith

How to Disable Inactive User Accounts Using PowerShell

Inactive Active Directory (AD) user accounts can pose a security risk to organizations, in situations such as when former employees still have active accounts months after leaving the company because HR failed to inform IT, or accounts might be created for a particular purpose but never deleted...
Show more articles