Forum Discussion
Auditing user activity across Enterprise servers
Hello Experts , We have been noticing some users are using shared service accounts to perform some activities which need to be traced and tracked for auditing. I am looking for help with a Powershe...
You can find a lot of things in the security logs of your Domain Controller and the local security log of the remote server. But that's mainly logon events by default, you have to enable object access logging to see what things they are doing using the service account.
But are you preventing the usage of those service accounts? You can restrict them to only log on to certain computer accounts for example.
But are you preventing the usage of those service accounts? You can restrict them to only log on to certain computer accounts for example.
Harm_Veenstra We ar enot restricting it but would like to know if users are using the access to do somethinhg they should not be doing. Is there any powershell script or any othe script I can use to check this ?
- I were a blog about how to gather security events on domain controllers, https://powershellisfun.com/2022/07/19/retrieve-security-events-from-active-directory-using-powershell/ and perhaps you can expand on that? It searches for certain events. If you audit logon events, you should be able to gather information about that (you can add more event id's to search for)
