ANONYMOUS LOGON
I am seeing a fair number of entries marked as "ANONYMOUS LOGON" under "Computer Account Modified" on the "Caller User Name" field. These appear to come from a number of machines that I recognise and some that I don't - they seem to be linked to built in accounts, for example COMPUTER1$. Why is anonymous access most likely to be getting reported so frequently when linked to built in accounts?
File Share reports
Dear team, I have to make some reports on the composition of the share , a snapshot of each share For example , suppose you have sharing " marketing " ( H : \ Marketing ) for sharing this , I have to make a complete list of all the content , in this way : total number of folders , file size , file type , date of creation / editing , etc. . this is possible and how ? thanks
PolicyStatusLogon failure: unknown user name or bad password - Error Code:8007052e
I am a first time user and have added my domain and a domain controller. I have the yellow exclamation saying "Configure "Default Domain Controllers Policy" to enable auditing events for domain : XXXX click here" I click there and the following error comes up: PolicyStatusLogon failure: unknown user name or bad password - Error Code:8007052e I have followed the steps to configure it manually, which all settings were already set. The domain user is correct and not locked out. I am using Build Number:
Create report for specific field on user account
New to AD Audit Plus and still learning. I am trying to create a report to show me all changes to one specific field on a user account, ProxyAddresses but it isn't working or I am not doing it correctly. Can someone assist with how to setup a report for one specific field on an AD account please?
How to create custom report for specific security events related to logons
I am new to the product and have not found what I'm looking for as a predefined report. I'm looking to report on successful non-interactive logons. Event 4624 with logon type not equal to 2. Also looking for events 4648 (attempt to logon with explicit creds), 4775 (account not mapped), and 4777 (DC failed to validate creds) I have attempted to define custom reports but they all turn out empty. Can someone point me in a good direction?
Adding other DNS zones
We have several internal DNS zones on our AD DNS servers. However, only the "base," one, our domain name, shows any records being created/changed. How can we show which records have been changed in the other DNS zones? ie: Our domain name is Corp.local We have a zone for corpname.com We see all records created/changed in corp.local We see any new zones created, such as OtherCorp.net We do not see any record changes recorded under corpname.com, or Othercorp.net How can we see these?
ADAudit Plus monitor iSCSI on File Server
Morning I am trying to setup the File Servers in our ADAudit Plus and when I go to the server it cannot see the share. We think this is because the data share is in fact a presented iSCSI volume. Do this mean that we need to create a share on the told level of the presented drive on the file server in order to allow the software to audit it? Wayne
Connecting to install on server
Evening I know this may have been asked before but I don't know where to look for the answer. I have set up ADAudit Plus on a server and all is working well. The DCs have been found and started to report back. My question is this, can I connect to this instance via the server address from a client PC?
computer report last logged in
Morning Is there a report or a way of creating a report that allows us to see when a computer was last logged in? We have a lot of computers in our AD and want to tidy them up. Cheers Wayne
The event log file is corrupted - Error Code:5dc
Hi, we are getting error "The event log file is corrupted - Error Code:5dc " while fetching from Netapp filer, any idea. Thanks ..
Reminder email after user changes password
Good afternoon, when a user in our environment changes their password, they have to log-off/on to their computer in order for all their passwords to synchronize. Many users forget to do this and it generates many Helpdesk calls. I would like to set up an email notification to be sent to a user after they change their password that they must log off/on. The notification would need to be sent to the email associated with the userid that was changed, which comes to my next question, is there a way
Get members of local administrators on servers
Hello, is it possible to generate a report not on changes, but on current users in local administrators group (or remote desktop users group etc.) on all servers. If it is possible, what are the steps?
How can I do a report for say AD accounts not used in last 60 days?
ADaudit Plus, How can I run a report or AD Accounts not used in he last 30/60 days using the reports provided or a custom query. Just looking at stagnant accounts in AD
The RPC server is unavailable - Error Code:6ba
When trying to add a print server. Looked around the forum for this I checked https://www.manageengine.com/products/eventlog/help/eventlog-misc/eventlog-tips.html and I ran a test on port 135 and it shows it is open. I can open the event manager from the ADAUDIT machine of another computer just fine. I can ping the print server just fine. Everything else seem to be working ok. Any other suggestions? ============================================= Starting portqry.exe -n 127.0.0.1 -e 135 -p TCP ...
File Audit Actions - EMC
I am wondering if anyone has setup or built a File Move File Audit Action for EMC within ADAudit Plus?
The remote procedure control fail error 6ba 6be
Hi team, I'm configuring ADAP, when I do I capture events generates this error: And only happens with Windows Server 2012. I already checked on these forums and did the recommendations proposed her but still does not work me. https://forums.manageengine.com/topic/the-rpc-server-is-unavailable-error-code-6ba-after-update https://forums.manageengine.com/topic/rpc-server-unavailable-error-code-6ba
Print management monitoring
Can ADAudit plus report on the user that deleted a printer on a server? TIA!
Time a user is active on a PC during the day
Hi Guys, Does anyone know if it is possible to get a report whuch shows the total time a user is logged onto their machine each day, where their computer is unlocked (ie in an active state) I am getting requests to find out how much time users are spending at their machines activly working, and at the moment i need to manually look at the Login times each day, and remove any time i can see between a user locking and unlocking their PC during that login interval. thanks
error conllecting netapp event File : error code 8 insuficent space
Hi, From AD AUDIT, not possible to collecting audit event file I have an error code 8. Thanks Nicolas
ManageEngine ADAudit Plus 4.6.0 Build Number: 4662 Released
Dear All, Greetings from ManageEngine ADAudit Plus! ADAudit Plus latest build 4662 brings feature enhancements and issue fixes for a more thorough auditing. With ADAudit Plus, enhance your Windows Server environment auditing: [ Active Directory , Workstation Logon / Logoff , File Servers, Member Servers , EMC , NetApp Filers , FIM , Printers & USB ] to meet the most-needed security, audit and SOX, HIPAA, GLBA, FISMA & PCI-DSS Compliance demands. Enhancements and fixes in this release File
Error when initializing mssql database
Hey all, So, I'm trying to setup ADAudit Plus in our environment but am running into some trouble. I've setup a server 2008 R2 to run the application. Installed ADAudit and everything looked fine. Installed as a Windows service and tried starting it with a domain admin account. That worked just fine and the system could grab data from our DCs. The problem arises when I try to switch to using MSSQL 2008 R2 Standard as the backend database. After running the ChangeDB.bat and successfully connecting
Cannot access after upgrade
We have applied Adaudit 4.6 build 4661 and after that we cannot access to Adaudit. In the login page we receive the following error: Exception occured while validating account : No rows found for the table AaaAccountStatus in this DataObject And the page redirect to the following page http://server_name:8081/j_security_check Thanks in advance.
User report showing security groups the user is member of?
With ADAuditPlus is it possible to run a report based on users showing what security groups they are currently a member of?
File Integrity solution available in AD Audit plus
Hi Please let us know is File Integrity solution available in AD Audit plus. Thanks & Regards Vaishali Karnataki
MS SQL database migration
I'm trying to migrate from the mysql database to a Microsoft SQL database, I've been trying to do so by following the guide here , but I can't seem to get passed the first part, backing up the mysql data. I stopped the service by executing the shutdown.bat file, and waited for it to be shutdown before executing migratesqldata.bat. Whenever the latter is executed, I get the following error: ================================ERROR = *'AES_DECRYPT' is not a recognized built -in function name.* ERROR =
ADAudit Plus - Alert when >100 files modifed or created in 1 hour or less
We would like ADauditPlus to alert us when a user changes or creates multiple files in a short amount of time - like maybe 100 in an hour or so. Is this possible? This will tell us if we have a "Rogue User" on our hands. Thanks!
ADAudit Plus - HTTP Status 400 - Invalid path /home was requested
After no apparent significant change on the server, logging in from a remote host through the web interface returns: HTTP Status 400 - Invalid path /home was requested The app is running on Windows 2012 R2, 4GB RAM, 200GB disk, no disk space issue, RAM and CPU utilization are fine. Anyone have an idea what might have happened? Logging in while logged into the server itself works. Jim
Mail Server Settings, Use Secure Connections(SSL/TLS) dropdown is blank
See attached screenshot. The Use Secure Connections(SSL/TLS) dropdown is blank, and I need to choose either SSL or TLS for my office365 settings. Any help greatly appreciated! --Brian
RPC server unavailable Error Code 6ba
Hi All, I am getting this RPC server unavailable Error Code 6ba error on some of my domain controllers. I have removed the domain, and re-added it but still getting the same error. I have used the DMZ port scanner, and all ports are open to the different domain controllers. Tony.
The RPC server is unavailable - Error Code:6ba After update
I just updated to 4661 and now AD Audit is unable to connect to my domain controllers. When I go into Domain Settings and tell it to discover Domain Controllers, it says "Domain Controllers cannot be discovered" When I try to manually add them, it says they already exist and it will not let me save my settings. When I go to http://localhost:8081/runQuery.do and run select * from adsmdcconfiguration it says " The RPC server is unavailable - Error Code:6ba." I have rules in the domain controller
Real time?
I upgraded to the latest version and I see a lot of "real time" in the release notes. However I don't see where I can configure this. In domain settings, I still see x minute intervals. Email alerts and scheduled reports all still have scheduled run times. What exactly has changed, and how do I enable real-time auditing?
ADAudit Plus Fixes and Enhancements [Version 4.6.0 (4600 - 4650)]
View ADAudit Plus Latest Fixes and Enhancements Version 4.6.0 (4650) Build - July 2014: *New : Real time auditing for Domain Controllers [Optional]. *New : Windows Server 2012 R2 support added. *Fixed : Product crash error during event collection. *Fixed : Alert for Configuration Permission Changes - 2008 Servers. *Fixed : Move Containers/Contacts reporting. *Fixed : GPO User/Computer Configuration count mismatch. *Fixed : Share based reports - Files created report fix. Version 4.6.0 (4640) Build
ManageEngine ADAudit Plus 4.6.0 Build Number: 4661 Released
Dear All, Greetings from ManageEngine ADAudit Plus! ADAudit Plus latest build 4661 announces custom reports in ADAudit Plus, now create reports you desire in a few clicks. Chose from the pre-configured report categories and chose the sub-categories. Further, chose the columns and add filters if you further want to drill down information for precise data. Last but not the least, you could schedule the same to be periodically e-mailed. With ADAudit Plus, enhance your Windows Server environment auditing:
File or Folder Accessed by shows nothing
Hi On my reports for File or Folder Changes does not show accessed by - is there a specific setting I need to change to show who the file or folder was accessed by?? Thanks RTTAdmin
Logging a specific event ID - skeleton key malware
I would like to log event IDs 7045 and 7036 for the psexecsvc service as detailed here http://www.secureworks.com/cyber-threat-intelligence/threats/skeleton-key-malware-analysis/ Can ADAP do this without auditing processes - which causes a large amount of data on the domain controllers? i.e. just look for an event Id and check for the process start? Or do I need some other software to do this? Thanks Ian
krbtgt/domain
I get what this account does based on reading from here http://technet.microsoft.com/en-us/library/dn745899.aspx#Sec_KRBTGT but cannot find out what is using it though. This shows up in the log daily that the account has failed to login on many systems. Can someone break it down for me in dummy terms? Thanks
Need help setting up AD Alert
Hello everyone. I just downloaded the application and using the trial in hopes it would fit what I am trying to accomplish. In short, I want to get an email alert when a particular user authenticates to the domain. Whether the logon type is RDP, via UNC path, SMB, basically log the authentication request for this one user on the domain. the report should include all requests but only one email should go out upon initial authentication. We can then review the report to see what was done and authenticated.
ADAudit - Password expiration alert
hello I can generate alerts as one organizational unit when their password is expiring in a given time? regards
Lot's of login attempts from a single user
Hey all, We just installed AD Audit into our environment and I am loving it. What I'm curious about is why do some users for a single day have 12000+ successful login attempts? Then the next day they have 20? Is it normal for a Domain User to authenticate that many times to our domain controllers? I just find it shocking. What could cause this sort of authentication activity? Any direction or help is much appreciated! Thank you.
Audit/Monitor for Folder/file only
The file audit connects via shares and I have a folder in that share that I need to create a report & alert for whenever it's accessed. I can't seem to figure out how to monitor, alert or create a report for a single file or folder. Ideas?
Next Page