Logging a Users Movements

[lagcat]

Hello,

we have hit a problem where a member of staff has been given domain admin privilages....and because of management we are unable to remove this

is there a way to log the activity around the domain to see servers/areas the user has accessed? we are hitting to problem where we think the user may way to access other users private folders and e-mails...and we need a way to log it

Cheers

CCENT, CCNA
MCP, MCSA
Comptia: Network Essentials, Security +, A+

 

[Zelandakh]

Domain admins shouldn't have access to those things. Turn on auditing for file access, Exchange server access is rather more tricky but you can block that for the user in ESM then it doesn't matter.

If management won't allow you to remove the access you need to trust the individual - this sounds like a can of worms so be very careful what people ask you to do.

 

[TechyMcSe2k]

Make sure they sign an IT Policies and Procedures agreement, so if and when u fire them, u r covered.

This will also let them know that you are watching them.

Google for tools that will track AD changes; there are many out there.

Maybe someone could recommend one?