Critical System Protection

  • 1.  Can CSP be used to Audit Administrator changes

    Posted Apr 10, 2014 01:37 PM

    Can CSP be used to audit activity performed by Windows Systems Admins?

    We are not looking to prevent this activity, as it is authorized; we just want a simple way to track changes made to our servers, such as software installs, stopping and starting services, creating new local users, etc.

     

    Thanks

    Rob

     



  • 2.  RE: Can CSP be used to Audit Administrator changes

    Posted Apr 10, 2014 08:09 PM

    Yup.  This is one of the things CSP (now Data Center Security - DCS) is made for!

    Much of what you ask is available through the out-of-the-box detection policies.  Check out the PDF located here:

    http://www.symantec.com/docs/DOC5946

    There's a nice comprehensive listing of what the 'out of the box' policies can do for you.  The policy can be customized, or you can create your own to add those things you want but are missing.  In particular, look at the Windows Baseline Policy.

     

    Good luck!

    Post additional questions here.  Lots of good info and advice from users and Symantec product specialists.

     

    Will



  • 3.  RE: Can CSP be used to Audit Administrator changes

    Posted Apr 10, 2014 08:23 PM

    The Baseline Detection Policies (Windows and Unix) are probably what you want to use.



  • 4.  RE: Can CSP be used to Audit Administrator changes

    Posted Apr 10, 2014 08:47 PM

    Yes, Data Center Security, formerly known as SCSP, can do that. A DCS Detection Policy can monitor and detect specific events or even the user-defined criteria you've configured.

     

    Symantec™ Data Center Security: Server Advanced v6.0 Detection Policy Reference Guide

    http://kbdownload.symantec.com/resources/sites/BUSINESS/content/live/DOCUMENTATION/7000/DOC7170/en_US/SDCSSA_Detection_Policy_Reference_Guide.pdf?__gda__=1397181740_3e7d30771f02ac685498dab75a8b0f6d

     

    Regards,

    JM