Documentation for Access Rights Manager

Set audit permissions in the AD object SACLs

After activating the audit policies, you must set the matching audit permissions (SACL) on the AD objects.

Configuring the SACL requires the user right "Manage auditing and security log" (this corresponds to the privilege "SeSecurityPrivilege"). You must be a member of the "event log reader" or domain admin group.

You only need to configure the SACL on one of the domain controllers. All other DCs receive the configuration via replication.

Screenshots property of © 2020 Microsoft.

On a DC, start the "Active Directory Users and Computers" management console by opening

dsa.msc

Activate the option "Advanced Features".

Right-click the domain that you want to monitor and select "Properties".

In the properties window, select the tab "Security" and then click on "Advanced".

Select the tab "Auditing".

Analyze the existing access rights. The required permissions may already exist.

If required, expand the access rights of an existing "Everyone" principal or add the desired entry.

At minimum, the following is required:

  • Principal: "Everyone"
  • Type: "All"
  • Apply to: "This object and all descendant objects"

Permissions:

  • Write all properties
  • Delete
  • Delete subtree
  • Modify permissions
  • Create all child objects
  • Delete all child objects
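
To verify the result without clicking through the dialog, the following read-only check compares the SACL of the domain root against the minimum listed above. It is an added example, not part of the original documentation or the product; it assumes the ActiveDirectory PowerShell module is installed, and the mapping from the dialog's permission names to ActiveDirectoryRights flags is an assumption of this example.

```powershell
# Added example: read-only check, makes no changes to the directory.
Import-Module ActiveDirectory

$domainDn = (Get-ADDomain).DistinguishedName
$everyone = 'S-1-1-0'          # well-known SID of "Everyone"
$allTypes = [guid]::Empty      # empty GUID = all properties / all child object types
$sidType  = [System.Security.Principal.SecurityIdentifier]

# Assumed mapping: permission name in the dialog -> ActiveDirectoryRights flag.
$required = [ordered]@{
    'Write all properties'     = 'WriteProperty'
    'Delete'                   = 'Delete'
    'Delete subtree'           = 'DeleteTree'
    'Modify permissions'       = 'WriteDacl'
    'Create all child objects' = 'CreateChild'
    'Delete all child objects' = 'DeleteChild'
}

# -Audit makes Get-Acl return the SACL; reading it needs SeSecurityPrivilege.
$acl   = Get-Acl -Path "AD:\$domainDn" -Audit
$rules = @($acl.GetAuditRules($true, $true, $sidType) | Where-Object {
    $_.IdentityReference.Value -eq $everyone -and
    $_.InheritanceType -eq 'All' -and          # this object and all descendant objects
    $_.ObjectType -eq $allTypes -and
    $_.InheritedObjectType -eq $allTypes
})

# Type "All" may be stored as one Success+Failure entry or as two separate
# entries, so collect the audited rights for each flag on its own.
$result = foreach ($flag in 'Success', 'Failure') {
    $flagBit = [int][System.Security.AccessControl.AuditFlags]$flag
    $audited = 0
    foreach ($rule in $rules) {
        if ([int]$rule.AuditFlags -band $flagBit) {
            $audited = $audited -bor [int]$rule.ActiveDirectoryRights
        }
    }
    foreach ($name in $required.Keys) {
        $bit = [int][System.DirectoryServices.ActiveDirectoryRights]$required[$name]
        [pscustomobject]@{
            AuditType  = $flag
            Permission = $name
            Present    = ($audited -band $bit) -eq $bit
        }
    }
}
$result | Format-Table -AutoSize
```

Any row with Present = False marks a permission that still has to be added to the "Everyone" audit entry for that audit type.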