Sign Up for a free Audit-For-AD product demonstration



NetVision's Blog
Visit for more information on Audit and Monitoring of
Active Directory.

Audit Monthly Newsletter
Subscribe to get our latest insights delivered right to your inbox!

Audit for Active Directory

Audit For Active Directory FAQs

Q: We have a lot of employee turnover. Can NetVision Audit-for-AD tell us if there are accounts in Active Directory that have not been used in a while?
A: Absolutely. NetVision Audit-for-AD can report on dormant accounts based on last logon or any other Active Directory attribute.
Q: Our Active Directory administrators require complete rights on the network. How can NetVision Audit-for-AD enforce our security policy on sensitive documents or Active Directory group memberships without restricting admin access?
A: Although administrators may require full rights which include the technical ability to open files or perform any action within Active Directory, certain activities may be restricted by policy. NetVision Audit-for-AD can watch for events that occur outside of policy and report or alert on those events in real time. This capability in turn becomes a deterrent to potential policy breaches.
Q: Will NetVision Audit-for-AD help me understand who is accessing sensitive files on a Windows File Server? How does that work?
A: Absolutely. NetVision Audit-for-AD provides a listener that resides on the Windows file system and watches the files and folders for which you have set policies. When a file is acted upon, NetVision Audit-for-AD looks through the policy for filters and determines if the event should be captured and what action (if any) should be taken.
Q: Can NetVision Audit-for-AD provide recursive reporting on a Windows file-system folder's security permissions?
A: Certainly. You can configure a report to capture the security permissions on a folder and all files and subfolders within it. The result is a comprehensive report of all explicit rights granted on the selected folder and all child objects.
Q: Do NetVision products work for enterprise class Active Directory implementations?
A: Absolutely. NetVision's solution is cost effecient for organizations of all sizes and the technology is proven to scale well into the Fortune 500.
Q: How can NetVision Audit-for-AD add value to what we can already capture from the Windows Security Event Log?
A: NetVision Audit-for-AD provides tremendous value above and beyond what is available in the Windows Security Event Log. First, the number of events available in the event log is limited. For example, only a small subset of user attribute changes will trigger an event in the event log. You won't know if a user's name or email address changes based on what is reported to the log.

Also, the event logs are susceptible to manipulation. A knowledgeable administrator can clear the event log to cover their tracks if they break policy intentionally. Therefore the information provided in the event log is insufficient to prove compliance with many regulatory or other requirements.

Logs are generated per-server and are not immediately synchronized. They also lack critical information such as who made changes and what the before and after values are.

Finally, the event log does not remain forever. The data is over-written as time goes on. Windows provides a configuration option for the maximum log size, but this maximum size has practical limitations on disk space and performance. NetVision Audit-for-AD leverages proven database technologies to provide a virtually limitless ability to capture and retain log data. NetVision Audit-for-AD also provides filtering as the event occurs. So,a policy can be configured to capture user logon failures, but only during certain times or for certain users. Pulling logon failures directly from the event log would result in capturing a significant amount of unnecessary data from all user accounts.