Tag Archives: auditing

Auditing Passwords with Active Directory Properties

0

Posted on August 28, 2015 by

Have you ever been looking through Active Directory and notice something strange in one of the fields?  Maybe the Organization or Description field has a weird string of letters, numbers, and characters.  You think, “Huh, that kind of looks like a password.”

Ding! Ding! Ding!

Yes, it happens.  Either through lack of understanding or just laziness, sometimes passwords get put into the plain text fields in AD.  This is dangerous because those fields are readable by everyone on the domain.

So how do you know if any of these fields are being used to store passwords?  I managed to cobble together a PowerShell script that can help. (more…)

Advanced Security Audit Settings Spreadsheet

0

Posted on February 19, 2014 by

I was recently reviewing the Advanced Security Audit settings available for Windows 2008 and above and decided to create a spreadsheet with all of the details. While Microsoft does have all of the details on their website, the details are spread across multiple pages.  Having it all in one document made it easier to research each setting, compare the defaults to existing settings, and make recommendations for changes.  The spreadsheet can be downloaded off of Google Drive below:

https://drive.google.com/file/d/0B7uH-SwTZjFQNTJVbHNnNFBhV3c/edit?usp=sharing

The spreadsheet contains two worksheets.  The first gives the default for each setting and the volume of logs generated with each setting.

The second worksheet lists every Event ID generated by each setting and the message associated with each Event ID.

Hopefully this will be useful to others.