DS Access: Audit Directory Service ChangesID: oval:org.secpod.oval:def:14789 | Date: (C)2013-08-13 (M)2022-10-10 |
Class: COMPLIANCE | Family: windows |
This policy setting allows you to audit events generated by changes to objects in Active Directory Domain Services (AD DS). Events are logged when an object is created, deleted, modified, moved, or undeleted.
When possible, events logged in this subcategory indicate the old and new values of the object's properties.
Events in this subcategory are logged only on domain controllers, and only objects in AD DS with a matching system access control list (SACL) are logged.
Note: Actions on some objects and properties do not cause audit events to be generated due to settings on the object class in the schema.
If you configure this policy setting, an audit event is generated when an attempt to change an object in AD DS is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
If you do not configure this policy setting, no audit event is generated when an attempt to change an object in AD DS object is made.
Volume: High on domain controllers only.
Default: No Auditing
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\DS Access\Audit Directory Service Changes
(2) REG: INFO NOT AVAILABLE
Platform: |
Microsoft Windows 7 |