Allow Multiple Report Category In a Single Custom Report
I wish we could add multiple categories in a single report. Particularly the Account Logon and Local Logon categories.
Increased item limit in list
Hi Now there is a maximum of 100 items in lists, this is a very low limit. Sometimes there can be 2000 alerts and to clear them I can only take 100 at a time. Perhaps 500 and 1000 should be added to the list. /Peter
Excluded Accounts for Reports
I would like to be able to exclude the following arbitrarily: User accounts Computer Accounts Group Accounts Non-Ad accounts Point 4 might seem an odd request but in my environment, we have some software that is setup to try and authenticate certain accounts against AD first then another LDAP provider. If the account fails against AD, it moves onto the next LDAP provider configured etc. This generate a lot of 'Unknown account' events naturally on the DCs and these are collected in ADAuditPLus. Would
Scheduled charts
I would be very handy to be able to just scheduled charts of data such as 'Logon Failures' etc for wallboard's, manager etc. Stephen Fowles 3rd Line Support Technician North West Ambulance Service - NHS Trust
View SQL or arbitary Reports
I would like to be able to view the underlying SQL of an arbitrary report. Would make it easier to create custom SQL queries and understand the schema.
"Make as Default" option on a report does not save the selections
The "Make as Default" option should also save the selections. For example, the "Logon Activity based on DC" report has a selection box to choose the domain controllers. Each time I open this report, it always defaults to only the first DC in alphabetical order, so I have to change it to add all of my DC's. It would be more efficient if it saved my server selection as default (on this and other reports with selections). PS- I like the "Frequently Locked Out Users" cumulative report. Now I can see
Able to also search for samaccoutname when specifying user in reports
When searching up an user in i.e. "User Object History" (and all other similar reports where you specify an user), I see that the search input only searches in the "display name". I would like it possible to also search in the SamAccountName-field. We have an Active Directory where the admin users have different "display name" than the "SamAccountName" and because of this, I have to know the "display name" of the user instead of the actual username.
Use a Boolean expression in Quick Search
It should be possible to specify a NOT function in the "Quick Search" feature. For instance using an "!" in front of what you DON'T want to be searched for.
Exclude computer accounts
Like the "Exclude user accounts"-feature, it should be possible to exclude "caller user names" which in fact are computers. We have a lot of entries coming from the Exchange servers and the "caller user name" from AD is "<servername>$".
Change the "Select Computer" interface for reading the audit logs.
I like the ADAudit product a lot. It has been easy to manage and deploy. Probably my biggest complaint about the interface is selecting which computers to pull the log for. First off, I don't like that it chooses a random computer by default that you have to remove with 3 to 4 clicks. Second, I think the box with the default computer in it should have a text search with a drop-down that appears as you type. This would make viewing the logs tremendously faster. Also, when you navigate to a different
Remove dependancy on the security log
Right now the file audit portion of ADAudit relies on SACLs and the security log of the file server which is horribly inefficient. Opening a single file creates over 50 log entries (and they all show up in ADAudit). Can you look into creating a small filter driver agent that can do event correlation so opening a file will only create one entry?
process exclusion in file audit
In the file audit portion of ADAudit there is no way to exclude file modifications by which process changed them. Because of this you can't filter out file changes or reads made by backup software or AV software. This adds a tremendous amount of data that I don not want to see. Can you add the ability to exclude changes from a list of executables that the user can add to or subtract from?