Windows Administrative activity and Policy Changes
This is (sort of) my first post so please go easy on me.
I am currently building an alert view to track all changes to an Active Directory domain. I was wondering what EventIDs people were looking for as well as any creative ways to correlate the information. So far I am tracking the following messages:
I know there are more out there and "what constitutes admin activity" comes to mind. I am mostly concerned with changes to domain policy and Domain Administrator Groups.
Thanks in Advance!