logo
February 22, 2019 | Brian Svidergol

Active Directory Auditing

IT administrators have been working with and around Active Directory since the introduction of the technology in Windows 2000 Server. Windows 2000 Server was released on February 17, 2000 but many administrators began working with Active Directory in late 1999 when it was released to manufacturing...
February 25, 2019 | Jeff Melnick

How to Detect Who Deleted a Group Policy Object

Group Policy Objects (GPOs) can provide configurations for access to shared resources and devices, enable critical functionalities or establish secure environments. If some of the GPOs are deleted, users may not be able to access the Internet, modify their data, use peripherals or even log in to...
March 27, 2019 | Jeff Melnick

How to Detect Who Disabled a User Account in Active Directory

Users whose accounts have been disabled, either accidentally or maliciously, are unable to log into IT systems using Windows authentication. Those who are already logged in might experience problems accessing email, files, SharePoint, etc. By native auditing you should go through 6 steps listed...
March 27, 2019 | Adam Bertram

How to Get User Logon Session Times from the Event Log

If you’re a knowledge worker, to be productive in a work environment, you’re probably going to need a user account. And you’re probably going to need to actually use this user account to login to your office and mobile devices. If you don’t, you’re probably not going to be working at that...
April 7, 2017 | Nick Cavalancia

Best Practices for Change Management in the Data Center

When it comes to change management, Scott Matteson gets it.  Too many companies today make changes without any kind of change management in place. Scott's approach even includes the mandated use of individual accounts to perform changes so that Auditing of system changes can easily be tied back to...
April 5, 2019 | Nick Cavalancia

Death by Event Log Overload

When it comes to security, event logs are supposed to be the best friends of an IT guy managing the environment, right? Roger Grimes from InfoWorld claims that the evidence of malicious activity can be found in Event Logs. So, if companies today already have all necessary data that points...
October 17, 2019 | Deb Shinder

Top 6 Security Breaches that Auditing Would have Prevented

Because IT security breaches have become so prevalent, the common model for addressing them is often more reactive than proactive. Have you given up and given in to the idea that breaches are inevitable? Money, time and effort is put into establishing incident response teams, but often preventative...
February 27, 2019 | Jeff Melnick

Top 10 Systems that All Organizations Need to Audit but Often Don’t (part #1)

Ask an IT manager to tell you who made what changes to system configurations in their IT infrastructure and it will often involve a time-consuming manual process of trawling through a disparate array of native audit logs from servers and network equipment. Despite being slow and insecure this...
April 7, 2017 | Robert Bobel

Intrusive agents will cause audit failures

Over the past several months I have had the pleasure of speaking with many customers who are looking to switch out their existing auditing platform for NetWrix Change Reporter Suite. They are most concerned about continuity of auditing over their critical systems to look for changes that may affect...
February 25, 2019 | Robert Bobel

Interpreting Active Directory audit data, not so simple!

It had been a while since I needed to comb through event logs to figure out some change in Active Directory. Having just joined NetWrix, I thought it may be a good idea to spend some time reviewing Windows auditing and in particular What's New Windows Server with AD DS (Domain Services) logging. I...
Show more articles
...