infoblox_nios:user-id
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| infoblox_nios:user-id [2024/07/27 20:15] – created bstafford | infoblox_nios:user-id [2024/10/11 13:56] (current) – [Microsoft Configuration] bstafford | ||
|---|---|---|---|
| Line 5: | Line 5: | ||
| event_id: 4624 identifies the user, IP address, first seen and last seen | event_id: 4624 identifies the user, IP address, first seen and last seen | ||
| + | ===== Microsoft Configuration ===== | ||
| + | First of all, check your auditing settings: | ||
| + | - In the '' | ||
| + | * Audit account management: “Success” | ||
| + | * Audit directory service access: “Success” | ||
| + | * Audit logon events: “Success” and “Failure” | ||
| + | - Alternatively, | ||
| + | |||
| + | * **Account Logon** | ||
| + | * Audit Kerberos Authentication Service: “Success, Failure” | ||
| + | * Audit Kerberos Service Ticket Operations: “Success, Failure” | ||
| + | * Audit Other Account Logon Events : “Success, Failure” | ||
| + | * **Account Management** | ||
| + | * Audit Computer Account Management: “Success” | ||
| + | * Audit Distribution Group Management: “Success” | ||
| + | * Audit Security Group Management: “Success” | ||
| + | * Audit User Account Management: “Success” | ||
| + | * **DS Access** | ||
| + | * Audit Directory Service Access: “Success” | ||
| + | * **Logon/ | ||
| + | * Audit Logoff: “Success” | ||
| + | * Audit Logon: " | ||
| + | * Audit Other Logon/ | ||
| + | * Audit Special Logon: " | ||
| + | |||
| + | ===== NIOS Configuration ===== | ||
| + | * In Grid Properties > General > Advanced you need to tick " | ||
| + | * In Grid Properties > Microsoft Integration you can set user timeout | ||
| + | * When configuring the Microsoft Server in NIOS you must set logging level to Debug. | ||
infoblox_nios/user-id.1722111337.txt.gz · Last modified: by bstafford