No announcement yet.

Monitoring User Changes

  • Filter
  • Time
  • Show
Clear All
new posts

  • Monitoring User Changes

    We have an unfortunate situation in that we have a domain with regional sites (80). Each has a "branch server" which is a domain controller. Our Network dept have to be able to "SMS in" and perform certain other tasks on these machines.If they were member servers we could use local groups but not with DC's.

    Unfortunately however much we have tried we figure we are going to have to let this dept stay in Administrators group for the Domain (eek!).

    Our problem is they definitely shouldnt be performing user management. Does anyone know of a way to stop Admins doing such things (we can think of any) or at very least know of any monitoring tools to allow us to see who has made which changes to users ?????

  • #2
    Re: Monitoring User Changes

    This is a tough problem to solve. There are two ways to do it that I can think of:

    1. Let them be admins, but monitor the Event Log for changes, where applicable. To do this, you would have to be some tool to help you monitor the logs, centralize them, and perform the reporting for you. We usually recommend Event Log Monitor for this,

    2. Or, if they only need to perform some simple account changes, get a tool that will let them do this without being admins, such as Intact Account Manager:

    Unfortunately, Hyena can't help you with this one !
    Kevin Stanush
    SystemTools Software Inc.