• Support
  • Forums
  • Blogs

Monitoring Custom Admin Groups in AD

nhetricknhetrick

Hi,

I got OSSEC setup on my Windows AD domain server and am monitoring AD admin group changes using plugin #7107.

However, these only monitor the Administrators, Domain Admins, Schema Admins, etc groups. Is there a way to get this to monitor changes in custom admin accounts as well?

Thank you.

Share post:

Answers

  • Greetings @nhetrick,

    Have you tried increasing the auditing level of the windows machine itself? Since OSSEC takes its logs from the event viewer ( mostly), increase the auditing of your windows machine ( local group policy) and the auditing of the active Directory ( using ADSI edit ). Try to manipulate these to fit in your needs.

    Best Regards
    Lord Odin


Sign In or Register to comment.