Guillome Main (Guest)
Posted: Fri Nov 11, 2005 1:50 pm
Post subject: Domain Auditor role

Hi All,
I work as an IT Security Auditor in a Bank. I would like to create a
separate AD role that is able to audit the domain, but not able to
administer it. Kind of a read-only administrator role.
I would like to audit DNS, AD, Patches, services, etc, but in a
read-only manner.
Is there a way I could do it?
Has anybody ever done something like this before?
If this is not the right group, please link me to another.
Thanks,
Guillome

Joe Richards [MVP] (Guest)
Posted: Fri Nov 11, 2005 9:50 pm
Post subject: Re: Domain Auditor role

This is probably possible, but not necessarily using MS and third-party tools
that exist. Many of the tools that look at the core info assume you are an admin
and may give flaky or false results if you aren't.
It would be good to figure out EXACTLY what you need to do for each area and
what tools you think you need to use and then start working through the
permissions necessary to give you the same info in a read only way. It is quite
likely your server build group is going to be doing a lot of work to modify
permissions structures in your server loads.
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net

Guillome Main wrote:
Quote:
Hi All,
I work as an IT Security Auditor in a Bank. I would like to create a
separate AD role that is able to audit the domain, but not able to
administer it. Kind of a read-only administrator role.
I would like to audit DNS, AD, Patches, services, etc, but in a
read-only manner.
Is there a way I could do it?
Has anybody ever done something like this before?
If this is not the right group, please link me to another.
Thanks,
Guillome