In Part 1, we touched on how routine monitoring of object life cycle changes in the local Administrators group can help strengthen your organization’s overall security. But because most businesses perform audits only once a year, an unauthorized user has a long window between audits in which to hack into workstations and move through the network without being noticed.

Administrators and auditors can react quickly to unauthorized changes by using the multiple readily available reports. Checking reports on a regular basis is important, but since you likely don’t have time to stare at a report all day, you can use alerts to notify you about user management changes in the local Administrators group as they occur. ADAudit Plus provides real-time alerts for changes to the local Administrators group, allowing you to react immediately to any unauthorized changes.

You can set up a new alert in ADAudit Plus in a few simple steps.

Step 1: Select the Alerts tab in ADAudit Plus.

Step 2: Click on New Alert Profile in the top-right corner of the page.

Step 3: Provide a name, category, and alert message as displayed below in Figure 1. You can choose the severity of the alert, as well as the mode of notification most convenient for you, such as email, SMS, or script execution.

 

Figure 1. Configuration details for creating an alert.

Step 4: Click Save, and your alert will be active.

Now that the alert is configured, any change related to the membership of the local Administrators group will trigger an alert that’s sent to the administrators in ADAudit Plus.

Figure 2. Alert profiles configured to send real-time alerts to administrators.
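
To spot-check a single workstation for the same kind of change the alert covers, the Windows Security log can be queried directly. The script below is an added example, not part of ADAudit Plus or the original article. It assumes the "Audit Security Group Management" policy is enabled on the machine and that it runs in an elevated PowerShell session; the 24-hour look-back window is a constructed value.

```powershell
# Added example: list recent membership changes to the built-in local
# Administrators group from the Windows Security log.
# Assumptions: "Audit Security Group Management" is enabled, and the
# session is elevated so the Security log is readable.

$AdminsSid = 'S-1-5-32-544'             # well-known SID of BUILTIN\Administrators
$Since     = (Get-Date).AddHours(-24)   # look-back window (constructed value)

# 4732 = member added to a security-enabled local group
# 4733 = member removed from a security-enabled local group
$filter = @{ LogName = 'Security'; Id = 4732, 4733; StartTime = $Since }

# Get-WinEvent raises an error when nothing matches, so suppress it.
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$changes = foreach ($evt in $events) {
    # Read the event data fields by name from the XML form of the record.
    $xml  = [xml]$evt.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    # Keep only changes to Administrators, not to other local groups.
    if ($data['TargetSid'] -ne $AdminsSid) { continue }

    [pscustomobject]@{
        Time      = $evt.TimeCreated
        Action    = if ($evt.Id -eq 4732) { 'Added' } else { 'Removed' }
        MemberSid = $data['MemberSid']
        ChangedBy = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        Computer  = $evt.MachineName
    }
}

if ($changes) {
    $changes | Sort-Object Time | Format-Table -AutoSize
} else {
    Write-Output "No changes to the local Administrators group since $Since."
}
```

Filtering on the group's SID rather than its name keeps the check working on systems where the Administrators group has been renamed or localized.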

Summary

One unauthorized change in the local Administrators group can jeopardize the security of highly sensitive data throughout your Active Directory environment. Using ADAudit Plus, you can stay on top of any user management changes occurring within the local Administrators group and the rest of your Active Directory environment. Try ADAudit Plus today!