Monitoring changes in Active Directory with built-in tools
Tracking Down Attackers
Conclusions
Risk detected; risk averted. This common guiding principle also needs to be applied to managing Active Directory. Changes in AD can be monitored and documented with built-in tools. Although a well-configured monitoring policy cannot completely prevent attacks, if they are detected early, they can at least be contained. The built-in tools in Windows are all you need to acquire comprehensive information on what is happening on your network.
Infos
- Microsoft Security Compliance Toolkit 1.0: https://www.microsoft.com/en-us/download/details.aspx?id=55319
- Monitoring Active Directory: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/monitoring-active-directory-for-signs-of-compromise
- Events to be monitored: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/appendix-l--events-to-monitor