In this article:
Objective
Prerequisites
Steps to follow
Validation and confirmation
Tips
Related topics and articles
Objective
This article lists the minimum privileges the ADAudit Plus service account needs for the product to start and to audit the following:
Active Directory
Windows servers and workstations
File servers
DataEngine (indexing engine)
Other systems (Exchange, NetApp, etc.)
Prerequisites
The ADAudit Plus service account must be a local administrator on the product server (required for the Account Lockout Analyzer module).
The account should have read access to domain controller security logs and AD objects.
Local admin rights are required on target servers or workstations for WMI and WinRM access.
File auditing requires enabling object access auditing and setting read permissions on shares.
DataEngine, the ADAudit Plus indexing engine, needs read/write access to the installation directories and to the required shares on the machines you are auditing.
Steps to follow
1. Product startup
Add the ADAudit Plus service account to the local administrators group on the product server.
Go to Computer Management > Local Users and Groups > Groups.
Double-click Administrators > Add > enter the service account > OK.
Assign full control over the ADAudit Plus installation directory:
Right-click the installation folder > Properties > navigate to the Security tab > click Edit.
Add the service account and grant Full control.
Ensure that local logon or logon as batch job is not denied via GPO:
Run gpedit.msc > Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.
Check the Deny log on locally and Deny log on as a batch job options to confirm the service account is not listed.
Confirm local login is allowed:
Verify the Allow log on locally policy includes the service account.
2. DataEngine auditing
Assign full control to the service account:
Remote into the server in which ADAudit Plus is installed.
Navigate to Installation Directory\ADAudit Plus\apps.
Right-click the apps folder > click Properties > navigate to the Security tab > click Edit > add the service account configured for ADAudit Plus > grant Full control > click Apply.
On remote machines, share the following folders with the Network Service:
Navigate to each folder > right-click > Properties > Sharing > Advanced Sharing > Permissions > Add Network Service > grant Read access.
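The product startup and DataEngine steps above, collected into one script. This is an added example, not code from the ADAudit Plus documentation or product: the account name CORP\svc-adaudit, the installation path and the share name are placeholders you must replace. Run it in an elevated PowerShell session on the product server. The article does not list the folders that must be shared with Network Service, so the share step is a function you call on each remote machine with your own share names.

```powershell
# Added example (not from the ADAudit Plus documentation). Run elevated on the product server.
# Assumptions: service account CORP\svc-adaudit and the default installation path. Replace both.
$ServiceAccount = 'CORP\svc-adaudit'                                  # assumption
$InstallDir     = 'C:\Program Files (x86)\ManageEngine\ADAudit Plus'  # assumption

# Step 1: local Administrators membership, added only if it is missing.
$isAdmin = Get-LocalGroupMember -Group 'Administrators' |
           Where-Object { $_.Name -eq $ServiceAccount }
if (-not $isAdmin) { Add-LocalGroupMember -Group 'Administrators' -Member $ServiceAccount }

# Steps 1 and 2: Full control on the installation directory and on <InstallDir>\apps.
# (OI)(CI)F = Full control inherited by files and subfolders; /T recurses, /C continues on errors.
foreach ($path in @($InstallDir, (Join-Path $InstallDir 'apps'))) {
    icacls $path /grant "${ServiceAccount}:(OI)(CI)F" /T /C | Out-Null
}

# Step 1: the account must not be in a Deny right and must be covered by Allow log on locally.
# secedit exports user rights as SIDs prefixed with '*', so resolve the account's SID first.
$account = New-Object System.Security.Principal.NTAccount($ServiceAccount)
$sid     = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value

$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$rights = Get-Content $cfg
Remove-Item $cfg

function Test-UserRight {
    # $true when the exported entry for $Right explicitly lists $Sid.
    param([string]$Right, [string]$Sid)
    $line = $rights | Where-Object { $_ -like "$Right *" }
    return [bool]($line -and $line -match [regex]::Escape("*$Sid"))
}

foreach ($deny in 'SeDenyInteractiveLogonRight', 'SeDenyBatchLogonRight') {
    if (Test-UserRight $deny $sid) { Write-Warning "$ServiceAccount is listed in $deny (Deny wins over Allow)" }
}
# Allow log on locally is granted to Administrators (S-1-5-32-544) by default, so the account
# qualifies either explicitly or through the membership added above.
$allowLocal = (Test-UserRight 'SeInteractiveLogonRight' $sid) -or
              (Test-UserRight 'SeInteractiveLogonRight' 'S-1-5-32-544')
if (-not $allowLocal) { Write-Warning "Allow log on locally does not cover $ServiceAccount" }

# Step 2: Read share permission for Network Service. The article does not list the folders,
# so run this on each remote machine with the name of every share DataEngine needs.
function Grant-NetworkServiceRead {
    param([Parameter(Mandatory)][string]$ShareName)
    Grant-SmbShareAccess -Name $ShareName -AccountName 'NT AUTHORITY\NETWORK SERVICE' `
                         -AccessRight Read -Force | Out-Null
}
```

Note that secedit only exports rights that are configured, so an absent Deny entry correctly evaluates as "not denied". Re-run the checks after any Group Policy refresh: a GPO-delivered Deny log on as a batch job overrides the local Allow and will stop the service from starting.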
3. Active Directory auditing
Add the ADAudit Plus service account to the Event Log Readers group:
Navigate to your preferred domain controller > Run > type dsa.msc > hit Enter.
Go to Active Directory Users and Computers > Builtin > Event Log Readers.
Right-click the group > Properties > navigate to the Members tab > click Add > enter the service account configured for ADAudit Plus > click Apply and OK.
Alternatively, push the group membership to each audited machine through Group Policy Preferences (the steps assume a GPO for ADAudit Plus permissions already exists and is linked to the audited machines):
Log in to your domain controller with domain admin privileges > open the Group Policy Management Console > right-click the ADAudit Plus Permission GPO > click Edit.
In the Group Policy Management Editor, go to Computer Configuration > Preferences > Control Panel Settings > right-click Local Users and Groups > New > Local Group. Under Group name select Event Log Readers (built-in), then add the ADAudit Plus service account under Members. For member servers and workstations, the same preference item targeting the Administrators (built-in) group grants the local administrator rights that WMI and WinRM access require (see Prerequisites).
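The Event Log Readers grant, scripted and then verified end to end. This is an added example and not the ADAudit Plus documentation's own procedure; it assumes the RSAT ActiveDirectory module, a domain admin session on the product server, and a service account whose sAMAccountName is svc-adaudit (an assumption). The Group Policy Preferences item has no dedicated cmdlet and is left to the console steps above.

```powershell
# Added example (not from the ADAudit Plus documentation). Requires the RSAT ActiveDirectory
# module and a domain admin session. Assumption: the service account's sAMAccountName is svc-adaudit.
Import-Module ActiveDirectory
$ServiceAccount = 'svc-adaudit'   # assumption

# Builtin\Event Log Readers is a domain-local group present on every domain controller,
# so one membership change covers all DCs. Add only if not already a (possibly nested) member.
$group   = Get-ADGroup -Identity 'Event Log Readers'
$members = Get-ADGroupMember -Identity $group -Recursive
if (-not ($members | Where-Object SamAccountName -eq $ServiceAccount)) {
    Add-ADGroupMember -Identity $group -Members $ServiceAccount
    "Added $ServiceAccount to $($group.Name)"
}

# Verify the grant: read one Security event from every DC as the service account.
# Group membership is stamped into the token at logon, so a session opened before the change
# does not carry the new group; passing an explicit credential forces a fresh logon.
# Remote reads go over RPC, so the 'Remote Event Log Management' firewall rule must be enabled on the DC.
$cred = Get-Credential -UserName "$env:USERDOMAIN\$ServiceAccount" -Message 'Service account password'
foreach ($dc in (Get-ADDomainController -Filter *).HostName) {
    try {
        $null = Get-WinEvent -ComputerName $dc -LogName Security -MaxEvents 1 -Credential $cred -ErrorAction Stop
        "$dc : Security log readable as $ServiceAccount"
    } catch {
        Write-Warning "$dc : cannot read Security log ($($_.Exception.Message))"
    }
}
```

A DC that fails the read test while the group membership is correct usually has either the firewall rule closed or a GPO that restricts the Security log's channel access; fix that before changing anything on the ADAudit Plus side.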
4. File server auditing
Set NTFS and share permissions:
Right-click the target folder > Properties > click the Security tab > Edit > add the service account with Read permissions.
For shares: Right-click the share > Properties > Sharing > Advanced Sharing > Permissions > add the service account with Read permissions.
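The file server permissions, together with the object access auditing the Prerequisites call for, as one script. This is an added example and not the ADAudit Plus documentation's own code. The account CORP\svc-adaudit, the folder D:\Shares\Finance and the share name Finance are assumptions; run it elevated on the file server.

```powershell
# Added example (not from the ADAudit Plus documentation). Run elevated on the file server.
# Assumptions: service account CORP\svc-adaudit, folder D:\Shares\Finance shared as 'Finance'.
$ServiceAccount = 'CORP\svc-adaudit'   # assumption
$Folder         = 'D:\Shares\Finance'  # assumption
$ShareName      = 'Finance'            # assumption

# NTFS: Read & execute, inherited by subfolders and files. The account only needs to read.
icacls $Folder /grant "${ServiceAccount}:(OI)(CI)RX" /T /C | Out-Null

# Share: Read. Effective access is the more restrictive of share and NTFS, so both are needed.
Grant-SmbShareAccess -Name $ShareName -AccountName $ServiceAccount -AccessRight Read -Force | Out-Null

# Object access auditing: 4663 is written only when the File System subcategory is enabled
# AND the folder carries a SACL. Enable the subcategory first.
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# SACL: audit Everyone for the operations that change data. ReadData is left out here because
# auditing reads on a busy share floods the Security log; add it if your reports need read events.
$rights  = [System.Security.AccessControl.FileSystemRights]'CreateFiles, AppendData, WriteAttributes, WriteExtendedAttributes, DeleteSubdirectoriesAndFiles, Delete, ChangePermissions, TakeOwnership'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$audit   = [System.Security.AccessControl.AuditFlags]'Success, Failure'
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
            'Everyone', $rights, $inherit,
            [System.Security.AccessControl.PropagationFlags]::None, $audit)

$acl = Get-Acl -Path $Folder -Audit     # -Audit reads the SACL and needs SeSecurityPrivilege
$acl.AddAuditRule($rule)
Set-Acl -Path $Folder -AclObject $acl
```

After this runs, creating or deleting a file under the folder from any account should produce a 4663 event on the server within seconds; if it does not, check `auditpol /get /subcategory:"File System"` before revisiting the SACL.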
5. NetApp auditing
Provide the service account read-only access to the CIFS or NFS volumes being audited.
Validation and confirmation
Active Directory or Windows Server:
Run a test audit in ADAudit Plus. Verify that events appear in reports.
File servers:
Check the security logs for file access events (event ID 4663).
DataEngine:
Verify the service account can:
Start or stop the DataEngine service.
Write to logs and temp directories.
Check DataEngine_errors.log for permission issues.
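The validation steps above, scripted so they can be repeated after every permission change. This is an added example and not part of the ADAudit Plus documentation; the installation path, the file server name FS01 and the logs subfolder are assumptions, and the DataEngine service name is not given in the article, so the script matches services by display name. Run it on the product server, ideally as the service account itself so the write probes reflect that account's rights.

```powershell
# Added example (not from the ADAudit Plus documentation). Run on the product server.
# Assumptions: installation path below and a file server named FS01.
$InstallDir = 'C:\Program Files (x86)\ManageEngine\ADAudit Plus'  # assumption
$FileServer = 'FS01'                                              # assumption

# File servers: 4663 ("an attempt was made to access an object") from the last hour. The object
# and subject come from the event XML, not from the first line of the message text.
$filter = @{ LogName = 'Security'; Id = 4663; StartTime = (Get-Date).AddHours(-1) }
$events = Get-WinEvent -ComputerName $FileServer -FilterHashtable $filter -MaxEvents 20 -ErrorAction SilentlyContinue
if (-not $events) {
    Write-Warning "No 4663 events on $FileServer in the last hour: check the SACL and the File System audit subcategory"
} else {
    foreach ($e in $events) {
        $data = ([xml]$e.ToXml()).Event.EventData.Data
        $obj  = ($data | Where-Object { $_.Name -eq 'ObjectName' }).'#text'
        $user = ($data | Where-Object { $_.Name -eq 'SubjectUserName' }).'#text'
        '{0}  {1}  {2}' -f $e.TimeCreated, $user, $obj
    }
}

# DataEngine: service state, then a write probe in the logs and temp directories.
# The exact service name is not given in the article; match on the display name instead.
Get-Service -DisplayName '*ADAudit*' | Select-Object Name, Status, StartType

foreach ($dir in @((Join-Path $InstallDir 'logs'), $env:TEMP)) {   # 'logs' subfolder is an assumption
    $probe = Join-Path $dir ('.write-test-' + [guid]::NewGuid())
    try {
        Set-Content -Path $probe -Value 'x' -ErrorAction Stop
        Remove-Item $probe
        "$dir : writable"
    } catch {
        Write-Warning "$dir : not writable ($($_.Exception.Message))"
    }
}

# DataEngine_errors.log: surface permission wording wherever the log lives under the install dir.
Get-ChildItem -Path $InstallDir -Filter 'DataEngine_errors.log' -Recurse -ErrorAction SilentlyContinue |
    Select-String -Pattern 'denied|permission|unauthori[sz]ed' |
    Select-Object -First 20 Filename, LineNumber, Line
```

Running the probe as an administrator proves nothing about the service account; open the session as the service account (or use `runas /user:<account> powershell`) so that a failed write really means a missing grant.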
Tips
Use a dedicated service account (not a personal admin account).
For DataEngine, ensure:
The installation directory is excluded from antivirus scans.
Disk space is monitored (logs can grow rapidly).
Document all assigned privileges for compliance.
Related topics