O R G A N I C / F E R T I L I Z E R: mom: securevantage directory services management pack

Nov 2, 2006

mom: securevantage directory services management pack

you're probably quite familiar w/ securevantage by now. if you don't, they produce management packs focused on security. it works right in mom... and is pretty wicked stuff. anyway, they offer a free directory services mp which does some basic functionality. if you don't have it, check it out... anyway, the really cool part is they mention me in the management pack description! nice! here's a snippet:
Management Pack
Purpose
The Directory Services Controls MP (DCMP) provides low-level auditing for all types of objects in Active Directory. Directory Services events not only identify the object that was accessed and by whom but also document exactly which object properties were accessed.
Features
The Secure Vantage DSMP provides detailed OU auditing on user, group, gpContainer, dnsDomain and organizational units. The MP provides base event collection, control alerting, operational views, a forensic analysis report and KB content from Microsoft Security MVP Randy Franklin Smith and MOM MVP Rory McCaw. Additional acknowledgement goes to Marcus Oh, fellow MOM guru.
Configuration

Directory Service Access events work a lot like Object Access events because you must first enable the audit policy at the system level, the activate auditing on the specific objects you want to monitor. To enable auditing on a file, open the file's properties dialog box from within Windows Explorer, select the Security tab, click Advanced and then select the Auditing tab on the Advanced Security Settings dialog box. To enable auditing on an AD object, follow the same path but from within the Active Directory Users and Computers snap-in (rather than Windows Explorer). Then specify the permissions you want to audit when users request access to the object.