How to configure Member Server in ADAudit Plus

In this article:

  • Objective

  • Prerequisites

  • Steps to follow

  • Validation and confirmation

  • Tips

  • Related topics and articles

 Objective  

To configure Windows Member Servers in ADAudit Plus, including agent deployment, configuration using the product console or command-line arguments, and applying all necessary audit policies to ensure complete tracking of server activities.

Prerequisites

  • You must have administrative access or delegate permission to configure the Member Server in ADAudit Plus.

  • Sufficient disk space must be available on the ADAudit Plus server for log storage.

  • Ensure firewall settings allow communication between the ADAudit Plus server and agents.

 

 Steps to follow 

Step 1: Configure member servers using the product console

  1. Log in to the ADAudit Plus web console.

  2. Navigate to the Configuration tab.

  3. In the left pane expand Configured Server(s) > choose Member Servers.

  4. Click Add Servers in the top-right corner.

  5. Select the servers you want to add.

  6. Click Next.

  7. Review the selection and click Finish to complete the configuration.

Step 2: Configure member servers using command-line arguments

  1. Create a CSV file named servers.csv in <installation dir>\ManageEngine\ADAudit Plus\bin. From the Encoding tab, save the document in UTF-8 format. Open the file, enter the names of all the Windows servers that you want to audit in adjacent lines, and separate them using commas.

    1. For example, to add the servers Test-MS1, Test-MS2, and Test-MS3, open the servers.csv file and enter: Test-MS1,Test-MS2,Test-MS3

  2. Navigate to <installation dir>\ManageEngine\ADAudit Plus\bin, open a command prompt, execute cmdUtil.bat, and enter the ADAudit Plus default admin credentials.

    1. The ADAudit Plus default username and password are both admin. After entering the credentials, execute the following command:

       config server add -machinetype ms -isauditpolicy true (or) false

  3. After -isauditpolicy, enter true to automatically configure the required object access audit policy, or false to configure it manually.

    1. For example, to audit all Windows servers and configure the required audit policies automatically, execute the following command:

       config server add -machinetype ms -isauditpolicy true

Step 3: Configure audit policies manually

  1. Open Active Directory Users and Computers.

  2. Right-click the domain and select New > Group.

  3. In the New object - Group window that opens, type in ADAuditPlusMS as the Group name, check Group scope: Domain Local and Group type: Security. Click OK.

  4. Right-click the newly created group and select Properties > Members > Add. Add all the Windows servers that you want to audit as a member of this group. Click OK.

  5. Using domain admin credentials, log in to any computer that has the Group Policy Management Console (GPMC) on it.

Note: The GPMC will not be installed on workstations and/or enabled on member servers by default, so we recommend configuring audit policies on Windows domain controllers. Otherwise follow the steps in this page to install GPMC on your desired member server or workstation.

  6. Go to Start > Windows Administrative Tools > Group Policy Management.

  7. In the GPMC, right-click the domain in which you want to configure the Group Policy. Select Create a GPO and Link it here. In the New GPO window that opens, type in ADAuditPlusMSPolicy and click OK.

  8. Select the ADAuditPlusMSPolicy GPO. Under Security Filtering, select Authenticated Users. Click Remove. In the Group Policy Management window that opens, select OK.

  9. Select the ADAuditPlusMSPolicy GPO. Under Security Filtering, click Add and choose the security group ADAuditPlusMS created previously. Click OK.

  10. Close the GPO editor and run gpupdate /force on the target server to apply the policies.

  11. To run the command above, go to Start > type cmd > right-click Command Prompt > select Run as administrator.
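
The group and GPO steps above can also be scripted. The following PowerShell is an added example, not part of the original article or of ADAudit Plus; it assumes the ActiveDirectory and GroupPolicy modules (RSAT) are installed, that it is run with domain admin credentials, and it reuses the sample server names from Step 2.

```powershell
# Added example: scripted equivalent of the manual group and GPO steps.
# Assumes the ActiveDirectory and GroupPolicy modules (RSAT) and domain admin rights.
Import-Module ActiveDirectory, GroupPolicy

$groupName = 'ADAuditPlusMS'                     # group name used in this article
$gpoName   = 'ADAuditPlusMSPolicy'               # GPO name used in this article
$servers   = 'Test-MS1', 'Test-MS2', 'Test-MS3'  # sample names; replace with your servers

# Domain local security group that holds the servers to audit.
if (-not (Get-ADGroup -Filter "Name -eq '$groupName'")) {
    New-ADGroup -Name $groupName -GroupScope DomainLocal -GroupCategory Security
}

# Add only the computer accounts that are not already members.
$current = (Get-ADGroupMember -Identity $groupName).distinguishedName
$toAdd = $servers | ForEach-Object { Get-ADComputer -Identity $_ } |
    Where-Object { $_.DistinguishedName -notin $current }
if ($toAdd) { Add-ADGroupMember -Identity $groupName -Members $toAdd }

# Create the GPO and link it at the domain root.
$gpo = Get-GPO -Name $gpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $gpoName
    New-GPLink -Guid $gpo.Id -Target (Get-ADDomain).DistinguishedName | Out-Null
}

# Security filtering: remove Authenticated Users, then apply the GPO to the group only.
Set-GPPermission -Guid $gpo.Id -TargetName 'Authenticated Users' -TargetType Group `
    -PermissionLevel None -Replace | Out-Null
Set-GPPermission -Guid $gpo.Id -TargetName $groupName -TargetType Group `
    -PermissionLevel GpoApply | Out-Null

# List the trustees the GPO now applies to; only ADAuditPlusMS should appear.
Get-GPPermission -Guid $gpo.Id -All |
    Where-Object { $_.Permission -eq 'GpoApply' } |
    Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission
```

The audit settings themselves are still configured in the GPO editor as described in the sections that follow.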

 Configure advanced audit policies    

  1. Log in to any computer that has the GPMC with Domain Admin credentials. Open the GPMC, then right-click ADAuditPlusMSPolicy and select Edit.

  2. In the Group Policy Management Editor, go to Computer Configuration > Policies > Windows Settings > Security Settings > Advanced Audit Policy Configuration > Audit Policy. Double-click on the relevant policy setting.

  3. Navigate to the right pane and right-click on the relevant Subcategory. Select Properties, then choose Success, Failure, or both, as directed in the table below.

 

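| Category           | Subcategory                         | Audit Events        |
|--------------------|-------------------------------------|---------------------|
| Account Management | Audit Computer Account Management   | Success             |
| Account Management | Audit Distribution Group Management | Success             |
| Account Management | Audit Security Group Management     | Success             |
| Account Management | Audit User Account Management       | Success and Failure |
| Detailed Tracking  | Audit Process Creation              | Success             |
| Detailed Tracking  | Audit Process Termination           | Success             |
| DS Access          | Audit Directory Service Changes     | Success             |
| DS Access          | Audit Directory Service Access      | Success             |
| Logon/Logoff       | Audit Logon                         | Success and Failure |
| Logon/Logoff       | Audit Network Policy Server         | Success and Failure |
| Logon/Logoff       | Audit Other Logon/Logoff Events     | Success and Failure |
| Logon/Logoff       | Audit Logoff                        | Success             |
| Object Access      | Audit File System                   | Success and Failure |
| Object Access      | Audit Handle Manipulation           | Success and Failure |
| Object Access      | Audit File Share                    | Success and Failure |
| Policy Change      | Audit Authentication Policy Change  | Success             |
| Policy Change      | Audit Authorization Policy Change   | Success             |
| System             | Audit Security State Change         | Success             |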

Force advanced audit policies  

  1. Log in to any computer that has the GPMC with Domain Admin credentials. Open the GPMC, right-click ADAuditPlusMSPolicy, then select Edit.

  2. In the Group Policy Management Editor, go to Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options.

  3. Navigate to the right pane, then right-click Audit: Force audit policy subcategory settings. Select Properties, then Enable.
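
To confirm that the GPO has taken effect on a member server, the effective audit policy can be compared with the table above. The following PowerShell is an added example, not part of the original article or of ADAudit Plus; it assumes an elevated session on the audited server, an English-language Windows installation (auditpol subcategory names are localized), and uses a hypothetical function name, Test-AuditBaseline.

```powershell
# Added example: compare the effective audit policy with the table in this article.
# auditpol lists subcategories without the "Audit " prefix shown in the GPO editor.
$required = [ordered]@{
    'Computer Account Management'   = 'Success'
    'Distribution Group Management' = 'Success'
    'Security Group Management'     = 'Success'
    'User Account Management'       = 'Success and Failure'
    'Process Creation'              = 'Success'
    'Process Termination'           = 'Success'
    'Directory Service Changes'     = 'Success'
    'Directory Service Access'      = 'Success'
    'Logon'                         = 'Success and Failure'
    'Network Policy Server'         = 'Success and Failure'
    'Other Logon/Logoff Events'     = 'Success and Failure'
    'Logoff'                        = 'Success'
    'File System'                   = 'Success and Failure'
    'Handle Manipulation'           = 'Success and Failure'
    'File Share'                    = 'Success and Failure'
    'Authentication Policy Change'  = 'Success'
    'Authorization Policy Change'   = 'Success'
    'Security State Change'         = 'Success'
}

function Test-AuditBaseline {
    # Defaults to the live policy; CSV text can be passed in for offline review.
    param([string[]]$AuditpolCsv = (auditpol /get /category:* /r))
    $rows = $AuditpolCsv | Where-Object { $_ -match '\S' } | ConvertFrom-Csv
    foreach ($name in $required.Keys) {
        $row = $rows | Where-Object { $_.Subcategory -eq $name } | Select-Object -First 1
        $actual = if ($row) { $row.'Inclusion Setting' } else { 'Not found' }
        # Compliant when every required event type is present in the effective setting,
        # so "Success and Failure" also satisfies a "Success" requirement.
        $missing = $required[$name] -split ' and ' | Where-Object { $actual -notmatch "\b$_\b" }
        [pscustomobject]@{
            Subcategory = $name
            Required    = $required[$name]
            Actual      = $actual
            Compliant   = -not $missing
        }
    }
}

Test-AuditBaseline | Format-Table -AutoSize

# "Audit: Force audit policy subcategory settings" is stored in this registry value.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
"Force audit policy subcategory settings enabled: $($lsa.SCENoApplyLegacyAuditPolicy -eq 1)"
```

Run it after gpupdate /force has completed on the server; any row with Compliant set to False points to a subcategory that the GPO has not applied.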

 Validation and confirmation 

  • In the ADAudit Plus web console, verify that the servers appear under Configuration > Configured Server(s) > Member Server.

  • Log on and perform test activities on a monitored server.

  • Navigate to Server Audit to confirm events are recorded.

 Tips 

  • Use descriptive GPO names to simplify future management.

  • Review and adjust firewall rules to maintain uninterrupted communication.

 

 Related topics and articles 

  • How to configure Workstations in ADAudit Plus 
