Auditing Windows and Active Directory


This course is for Auditors new to Windows and Active Directory as well as existing IT Auditors who need to refresh their knowledge of current Windows technology.


No prior knowledge of Windows Server is expected but delegates should have a general understanding of how computers work and the Windows environment.


2 days. Hands-on.

Course Objectives

The Windows Server family is constantly introducing new areas for the IT auditor to review. Windows Server 2008 brought new control features such as granular audit policies and new password controls. Windows Server Core (new with the Server 2008 range) brings new challenges for the auditor - how do you audit a version of Windows that doesn't have a graphical desktop?

In this intensive practical course, you will learn how to plan and carry out an audit of a Windows Server-based installation. Each student will be provided with their own Windows workstation and a range of Windows Server software tools to use, including software intended for the use of systems administrators, and not normally provided to a Windows user. We will cover Windows 2008 with a look at Windows 2012 to ensure that you'll be fully up to date no matter what mix of systems your company's data centre may be using!

At the end of the event, you will have all the essential knowledge required to conduct a successful Windows Server audit.

Course Content

A basic Windows operating system audit
Windows versions.
Operating system roles.
Auditing Windows Services.
User rights and admin rights.

Active Directory Objects
Forests and Trees.
Domains and Sites.
OUs, Groups and Users.
Risks of inappropriate forest/domain configuration.
Risks of trust relationships in an AD forest.

Reviewing the deployment of Active Directory
Risks of poor deployment decisions.
Replication risks.
Accidental deletion of AD objects.
Workstation/server controls in an AD environment.
Risks associated with workstation and server domain membership.

AD security and control features in Server 2008
Read-only domain controllers.
Selective replication.
Domain controller loss/theft mitigation.
AD object deletion protection.

AD User and group management
Risks of poor user account control.
Incorrect and inappropriate group membership.
Control of dormant accounts.
Risks associated with service accounts.

Account control features in Server 2008
Granular password policies.
New service account management tools.

Windows Server Core 2008
Typical Server Core roles and deployments.
Auditing Server Core installations with remote admin tools and PowerShell.

Object permissions in Active Directory and what they mean
Risks of incorrect object permissions for AD and other objects.
Risks of delegation and how to assess them.

Group Policy Objects and how they are used
Risks of poor Group Policy design, deployment and monitoring.
The Group Policy Management Console and how to use it in a GP audit.

How the Windows auditing and event log system works
Risks of improper audit logging configuration and monitoring.
Auditing features in Server 2008.
Granular audit policies.
Event log forwarding.
Risks of inappropriate file and directory access permissions.
How to assess permissions cost-effectively.

Useful software
Log dumper tools.
The built-in NET commands.
Using scripts to control and audit Windows Server and AD.
PowerShell and its audit uses.
The Windows and AD audit programme.

On-Site Courses

Can't attend one of our public classes? Booking for multiple people?

All our courses are available on your site! Delivered for your staff, at your premises.

Contact us to find out more...