Chat now with support
Chat with Support

Change Auditor for Active Directory 7.0.4 - User Guide

Setting extra security on protected objects

By default, Change Auditor settings are accessible by all domain administrators. In some environments, there are many individuals assigned domain administrator privileges. You can use the Security feature to provide an extra layer of security for your protected objects. You can delegate the right to manage protected objects to trusted administrators, limiting the number of administrators that can change settings.

NOTE:  

Each entry for the objects listed in the Protection template has it's individual security settings.

 

Event Details Pane

This topic describes the details that are added to the Event Details pane for Active Directory and Group Policy events and the Restore Value feature that is available for some Active Directory events. It also describes the additional details added to this pane for Group Policy events.

The following table provides a description of the ‘What’ details that are provided on the Events Details pane for an Active Directory event.

 

What

Provides a brief description of the change that occurred.

Subsystem

Displays ‘Active Directory’.

Action

Displays the action that was taken against the Active Directory object, such as Add Attribute, Add Object, Delete Attribute, Delete Object, Modify Attribute, Move Object.

Facility

Displays the event class facility to which the event belongs.

Class

Displays the object class that was modified, such as group, user, computer, nTDSConnection, crossRefContainer.

Attr

If an attribute has been added, deleted, or modified, this field displays the name of the attribute.

Type

For Active Directory events associated with groups, this field displays the type of group that was modified, such as Global (Security), Domain Local (Security).

Object

Displays the name of the object that was modified.

Authentication

Indicates whether the LDAP operation is secured using the SSL (Secure Socket Layer)/ TLS (Transport Layer Security) technology, simple bind authentication, or signed using Kerberos-based encryption.

Port

Indicates the port used for authentication.

From | To

Displays the old value that was assigned to the object and the new value that is now assigned.

Changes

For permission type changes, the Changes table replaces the To | From information. This table provides details about the changes made, such as operation, type, account, permission, scope, and condition.

For simple Active Directory attribute changes (such as Add Attribute, Modify Attribute, Delete Attribute), the Event Details pane features an option to restore changed values. When applicable, Restore Value is displayed at the top of the Event Details pane, allowing you to restore a changed value without needing to leave the client or use additional tools.

The following table provides a description of the ‘What’ details that are provided on the Events Details pane for a Group Policy event.

 

What

Provides a brief description of the change that occurred.

Subsystem

Displays ‘Group Policy’.

Action

Displays the action that was taken against the Group Policy object or item, such as Add Attribute, Delete Attribute, Modify Attribute.

Facility

Displays the event class facility to which the event belongs:

Policy

Displays the name of the group policy that was modified.

Section

Displays what section of the group policy was modified.

Item

For events associated with Group Policy items, displays the group policy item that was modified.

From | To

Displays the old value that was assigned to the group policy object and the new value that is now assigned.

 

Related Documents