Use-case 31: How To Monitor Local User Management In Your Active Directory

Use-case 31: How To Monitor Local User Management In Your Active Directory

Did you know? 

A domain user can bring down your network, if he/she has appropriate local user privileges on an important server or machine in your network. Local users and groups are entities that have privileges/restrictions that are limited to the local computer. When a local user logs in to his computer, the computer checks its list of users, their passwords and authenticates the user, unlike domain users. Also, their entire scope of operation is limited to that computer and not to any resources that are on or over the domain.



But, we need to acknowledge that domain resources are on computers and computers have local users and groups within them. If a domain users is a member of local Administrators group, then that user has unrestricted access to all resources on the local computer. If crook employee gains local admin access to a crucial machine, he/she can login locally -->  run malicious scripts/applications --> detach the computer from the domain. This is a classic example for divide and conquer

How can you speculate and eradicate any such mishaps?  

Using Object Management in ADAudit Plus, you can retrieve a comprehensive report on all changes made in the local users and groups, in a real-time basis. 

Step 1: Kindly go to Server Audit --> Server Audit Reports --> Object Management.

Select the Time Period and your machine on Select Objects.




 

#TheAD+Experience
Shane Clinton
ManageEngine ADSolutions Team
Direct
: +1 408-916-9891

Toll Free
: +1888-720-9500          
How To | Forum | File Permission Management
   
ADManager Plus | ADAudit Plus | ADSelfService Plus | Exchange Reporter Plus | Recovery Manager Plus | AD360
              New to ADManager Plus?

                New to ADSelfService Plus?