Auditor Role
To address security and compliance issues many organizations need to do extensive auditing/monitoring of Windows-based systems. This includes workstations, servers (member and DC) and Active Directory. The only currently practicable way to guarantee all the necessary rights is with the Domain Admin group. Yes, it works, but this creates another security hole. I see a huge need for an "auditor" role that is effectivly a read-only domain admin. A user with these permissions would be able to access and view everything that a domain administrator could, but not be able to make changes. Windows 2008 R2 has an auditor role, but unfortunately all it does is give permissions to view and manage the audit logs. Drat! Has anyone found a way to implement such a role? Cheers, Jim
July 15th, 2010 7:21pm

Hi Jim, Did you ever get an answer to your question? I am in need of the same access. Short of granting READ-All permissions across the objects in the directory I don't think there is an easy way to grant the access.
Free Windows Admin Tool Kit Click here and download it now
February 4th, 2012 4:07pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics