Use-case 31: How To Monitor Local User Management In Your Active Directory
Did you know?
A domain user can bring down your network, if he/she has appropriate local user privileges on an important server or machine in your network. Local users and groups are entities that have privileges/restrictions that are limited to the local computer. When a local user logs in to his computer, the computer checks its list of users, their passwords and authenticates the user, unlike domain users. Also, their entire scope of operation is limited to that computer and not to any resources that are on or over the domain.
But, we need to acknowledge that domain resources are on computers and computers have local users and groups within them. If a domain users is a member of local Administrators group, then that user has unrestricted access to all resources on the local computer. If crook employee gains local admin access to a crucial machine, he/she can login locally --> run malicious scripts/applications --> detach the computer from the domain. This is a classic example for divide and conquer.
How can you speculate and eradicate any such mishaps?
Using Object Management in ADAudit Plus, you can retrieve a comprehensive report on all changes made in the local users and groups, in a real-time basis.
Step 1: Kindly go to Server Audit --> Server Audit Reports --> Object Management.
Select the Time Period and your machine on Select Objects.