Configure Active Directory Audit Policies
Active Directory audit policies must be configured to ensure events are logged when activity occurs. The steps below walk through the audit policy settings that need to be enabled.
Step 1: Open the Group Policy Management Console (GPMC)
Step 2: Right-click “Default Domain Controllers Policy” and select Edit.
Step 3: Under Computer Configuration, click Policies > Windows Settings > Security Settings > Advanced Audit Policy Configuration > Audit Policy
Step 4: Configure the audit policies based on the table below
Advanced Audit Policy Settings for Entralyzer
Policy Path | Policy Settings Name | Audit Event Settings |
---|---|---|
Account Logon | Audit Credential Validation | Failure |
Account Logon | Audit Kerberos Authentication Service | Success and Failure |
Account Logon | Audit Kerberos Service Ticket Operations | Failure |
Account Management | Audit Computer Account Management | Success |
Account Management | Audit Distribution Group Management | Success |
Account Management | Audit Other Account Management Events | Success |
Account Management | Audit Security Group Management | Success |
Account Management | Audit User Account Management | Success and Failure |
DS Access | Audit Directory Service Access | Success |
DS Access | Audit Directory Service Changes | Success |
Logon/Logoff | Audit Account Lockout | Failure |
Logon/Logoff | Group Membership | Success |
Logon/Logoff | Audit Logoff | Success |
Logon/Logoff | Audit Logon | Success and Failure |
Logon/Logoff | Audit Other Logon/Logoff Events | Success and Failure |
Logon/Logoff | Special Logon | Success |
Object Access | Audit Other Object Access Events | Success and Failure |
Policy Change | Audit Audit Policy Change | Success |
Policy Change | Audit Authentication Policy Change | Success |
Policy Change | Audit Authorization Policy Change | Success |
System | Audit Security State Change | Success |
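
To confirm that the policy has actually applied, the effective audit settings on a domain controller can be compared against the table above. The script below is an added example, not part of the Entralyzer documentation; it assumes an elevated PowerShell session on a domain controller and English-locale `auditpol` output, where subcategory names are the policy names without the "Audit" prefix.

```powershell
# Required settings, transcribed from the table above (auditpol subcategory names).
$expected = [ordered]@{
    'Credential Validation'              = 'Failure'
    'Kerberos Authentication Service'    = 'Success and Failure'
    'Kerberos Service Ticket Operations' = 'Failure'
    'Computer Account Management'        = 'Success'
    'Distribution Group Management'      = 'Success'
    'Other Account Management Events'    = 'Success'
    'Security Group Management'          = 'Success'
    'User Account Management'            = 'Success and Failure'
    'Directory Service Access'           = 'Success'
    'Directory Service Changes'          = 'Success'
    'Account Lockout'                    = 'Failure'
    'Group Membership'                   = 'Success'
    'Logoff'                             = 'Success'
    'Logon'                              = 'Success and Failure'
    'Other Logon/Logoff Events'          = 'Success and Failure'
    'Special Logon'                      = 'Success'
    'Other Object Access Events'         = 'Success and Failure'
    'Audit Policy Change'                = 'Success'
    'Authentication Policy Change'       = 'Success'
    'Authorization Policy Change'        = 'Success'
    'Security State Change'              = 'Success'
}

# "auditpol /get /category:* /r" prints the effective policy as CSV.
$effective = @{}
auditpol.exe /get /category:* /r | Where-Object { $_ } | ConvertFrom-Csv |
    ForEach-Object { $effective[$_.Subcategory.Trim()] = $_.'Inclusion Setting' }

# A row is compliant when every required outcome (Success, Failure) is audited;
# auditing more than the table requires still counts as compliant.
$report = foreach ($name in $expected.Keys) {
    $have    = if ($effective.ContainsKey($name)) { $effective[$name] } else { 'Not found' }
    $missing = ($expected[$name] -split ' and ') |
        Where-Object { ($have -split ' and ') -notcontains $_ }
    [pscustomobject]@{
        Subcategory = $name
        Required    = $expected[$name]
        Effective   = $have
        Compliant   = -not $missing
    }
}

$report | Format-Table -AutoSize
if ($report.Compliant -contains $false) {
    Write-Warning 'One or more audit subcategories do not match the required settings.'
}
```

Run it on each domain controller after Group Policy has refreshed; a row showing `No Auditing` or `Not found` means the corresponding events will not be logged on that server.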