Monitoring User Changes

Guest
- Share
- Tweet
#1

Monitoring User Changes

10-25-2000, 02:54 AM

We have an unfortunate situation in that we have a domain with regional sites (80). Each has a "branch server" which is a domain controller. Our Network dept have to be able to "SMS in" and perform certain other tasks on these machines.If they were member servers we could use local groups but not with DC's.

Unfortunately however much we have tried we figure we are going to have to let this dept stay in Administrators group for the Domain (eek!).

Our problem is they definitely shouldnt be performing user management. Does anyone know of a way to stop Admins doing such things (we can think of any) or at very least know of any monitoring tools to allow us to see who has made which changes to users ?????
Tags: None
kstanush

Administrator

Join Date: Sep 2000

Posts: 2444
- Share
- Tweet
#2

10-25-2000, 05:36 AM

Re: Monitoring User Changes

This is a tough problem to solve. There are two ways to do it that I can think of:

1. Let them be admins, but monitor the Event Log for changes, where applicable. To do this, you would have to be some tool to help you monitor the logs, centralize them, and perform the reporting for you. We usually recommend Event Log Monitor for this, http://www.systemtools.com/elm

2. Or, if they only need to perform some simple account changes, get a tool that will let them do this without being admins, such as Intact Account Manager: http://www.systemtools.com/sysadmin

Unfortunately, Hyena can't help you with this one !

Kevin Stanush
SystemTools Software Inc.
Comment

Announcement

Monitoring User Changes

Comment