Windows Security Error Code
Hi,
I would like to check with you guys on the error codes for the following:
1. Attempts to grant admin rights to non-Admin IDs (error code)
a. user ID of initiator
b. affected ID
c. date/time
d. source of attempt
2. Attempts to access unauthorized file/folder. (error code)
Whenever there is an attempt like the above, will there be any error log recorded? As far as I know, I am unable to know the path of the folder. From what I can see, it shows "object access" ... any idea?
Thanks
October 31st, 2010 11:07am
For #1, configure auditing for account management, assuming that by granting admin rights you mean adding a user to a group with admin privileges:
http://www.windowsecurity.com/articles/Windows-Active-Directory-Auditing.html
Specific event IDs:
http://technet.microsoft.com/en-us/library/cc737542(WS.10).aspx
For #2, configure auditing for file or folder access on the specific folder and see the events in the security log:
http://support.microsoft.com/kb/301640 and
http://support.microsoft.com/kb/300549
November 2nd, 2010 10:08am
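Once account management auditing is on, the four items asked for in #1 can be pulled from the Security log. The script below is an added example, not part of the original replies; it assumes Windows Server 2008 or later, where group-member-added events are 4728, 4732 and 4756 and logons are 4624, and the seven-day window is a constructed value.

```powershell
# Added example, not from the thread. Assumes Windows Server 2008 or later,
# "Audit account management" and "Audit logon events" success auditing enabled,
# and an elevated session on the domain controller that logged the change.
$groupAddIds = 4728, 4732, 4756      # member added: global / local / universal group
$since = (Get-Date).AddDays(-7)      # constructed look-back window

function Get-EventFields {
    # Flatten <EventData><Data Name="..."> elements into a name -> value table.
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Record)
    $fields = @{}
    foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) {
        $fields[$d.Name] = $d.'#text'
    }
    $fields
}

# Index logon events (4624) by logon ID so each change can be tied to a source address.
$logons = @{}
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $since } `
        -ErrorAction SilentlyContinue | ForEach-Object {
    $f = Get-EventFields $_
    $logons[$f['TargetLogonId']] = $f
}

Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $groupAddIds; StartTime = $since } `
        -ErrorAction SilentlyContinue | ForEach-Object {
    $f = Get-EventFields $_
    $logon = $logons[$f['SubjectLogonId']]
    [pscustomobject]@{
        TimeCreated = $_.TimeCreated                                        # c. date/time
        EventId     = $_.Id
        Initiator   = "$($f['SubjectDomainName'])\$($f['SubjectUserName'])"  # a. who made the change
        Group       = "$($f['TargetDomainName'])\$($f['TargetUserName'])"    # group that gained a member
        MemberSid   = $f['MemberSid']                                       # b. affected ID
        MemberName  = $f['MemberName']                                      # DN; often "-" for local groups
        SourceIp    = if ($logon) { $logon['IpAddress'] } else { $null }    # d. source of attempt
        LoggedOn    = $_.MachineName
    }
} | Sort-Object TimeCreated | Format-Table -AutoSize
```

Logon IDs are only meaningful on the machine that issued them, so run this on each domain controller rather than merging logs first.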
1. Is there any possible log stating that this domain admin ID has granted domain admin to a non-domain admin user? Because some logs are too general.
November 4th, 2010 10:49pm


