New user, group, and GPO creation

1. Create a new user
  • Log in to your Domain Controller with Domain Admin privileges → Open Active Directory Users and Computers → Right click on your domain → New → User → Name the user as "ADAudit Plus".
2. Create a new group
  • Log in to your Domain Controller with Domain Admin privileges → Open Active Directory Users and Computers → Right click on your domain → New → Group → Name the group as "ADAudit Plus Permission Group".
  • Add all the audited computers as members of the "ADAudit Plus Permission Group": Right click on the "ADAudit Plus Permission Group" → Properties → Members → Add all the Domain Controllers, Windows servers and workstations that you wish to audit.
3. Create a new domain level GPO and link it to all the audited computers

Since configuring permissions on individual computers is an elaborate process, a domain level GPO is created and applied on all monitored computers.

  • Log in to your Domain Controller with Domain Admin privileges.
  • Create a new domain level GPO:
  • Open the Group Policy Management Console → Right click on your domain → Create a GPO in this domain and link it here → Name the GPO as "ADAudit Plus Permission GPO".

  • Remove Apply group policy permission for Authenticated Users group:
  • Click on the "ADAudit Plus Permission GPO" → Navigate to the right panel, click on the Delegation tab → Advanced → Click on Authenticated Users → Remove the Apply group policy permission.

  • Add the "ADAudit Plus Permission Group" to the security filter settings of the "ADAudit Plus Permission GPO":
  • Open the Group Policy Management Console → Domain → Select the "ADAudit Plus Permission GPO" → Navigate to the right panel, click on the Delegation tab → Advanced → Add "ADAudit Plus Permission Group".
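The same three steps scripted with the ActiveDirectory and GroupPolicy PowerShell modules, followed by a check of the resulting GPO permissions. This is an added example, not part of the original guide or the product's own tooling; the SamAccountName, the group scope and the computer names are assumptions to replace with your own values.

```powershell
# Added example. Only the three quoted names come from the guide; the rest is assumed.
Import-Module ActiveDirectory, GroupPolicy

$domainDN  = (Get-ADDomain).DistinguishedName
$userName  = 'ADAudit Plus'
$groupName = 'ADAudit Plus Permission Group'
$gpoName   = 'ADAudit Plus Permission GPO'

# Constructed placeholder list: replace with the DCs, servers and workstations to audit.
$auditedComputers = @('DC01', 'SRV-FILE01', 'WKS-0001')

# 1. Create the user at the domain root (SamAccountName is an assumed value).
New-ADUser -Name $userName -SamAccountName 'ADAuditPlus' -Path $domainDN `
    -AccountPassword (Read-Host -AsSecureString "Password for $userName") -Enabled $true

# 2. Create the group (Global / Security, the console defaults) and add the computers.
New-ADGroup -Name $groupName -GroupScope Global -GroupCategory Security -Path $domainDN
$members = $auditedComputers | ForEach-Object { Get-ADComputer -Identity $_ }
Add-ADGroupMember -Identity $groupName -Members $members

# 3. Create the GPO and link it at the domain level.
New-GPO -Name $gpoName | New-GPLink -Target $domainDN | Out-Null

# Authenticated Users: keep Read, drop "Apply group policy".
Set-GPPermission -Name $gpoName -TargetName 'Authenticated Users' -TargetType Group `
    -PermissionLevel GpoRead -Replace | Out-Null

# Security filtering: only members of the permission group apply the GPO.
Set-GPPermission -Name $gpoName -TargetName $groupName -TargetType Group `
    -PermissionLevel GpoApply | Out-Null

# Check: Authenticated Users must be GpoRead, the permission group GpoApply.
$perms = Get-GPPermission -Name $gpoName -All
$perms | Select-Object @{n = 'Trustee'; e = { $_.Trustee.Name } }, Permission

$auth = $perms | Where-Object { $_.Trustee.Name -eq 'Authenticated Users' }
if ($auth.Permission -ne 'GpoRead') {
    Write-Warning 'Authenticated Users can still apply this GPO; it is not limited to the audited computers.'
}
$grp = $perms | Where-Object { $_.Trustee.Name -eq $groupName }
if ($grp.Permission -ne 'GpoApply') {
    Write-Warning "$groupName is missing Apply permission; the GPO will not reach the audited computers."
}
```

A computer picks up its new group membership only after a restart, so the GPO does not apply to newly added members until then.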
