notification for adding a new win account

TheMSsForum.com: The Microsoft Software Forum

Hi ,
when someones adds a new windows account, i want to receive a notification
. How i can do that ?

Thanks
Top

Re: notification for adding a new win account by Steven

Steven
Wed Feb 01 12:39:12 CST 2006

If you have auditing of account management enabled on the computer where the
user is added you will see an account management event recorded in the
security log of the computer. For domain accounts you would need to check
the security logs of all the domain controllers which can be done centrally
with the free Event Comb from Microsoft searching for specific Event IDs.
Below is an example of such Event ID. --- Steve

Event Type: Success Audit
Event Source: Security
Event Category: Account Management
Event ID: 624
Date: 2/1/2006
Time: 12:38:01 PM
User: STEVE-XP\Steve
Computer: STEVE-XP
Description:
User Account Created:
New Account Name: John
New Domain: STEVE-XP
New Account ID: %{S-1-5-21-1123561945-152049171-1343024091-1006}
Caller User Name: Steve
Caller Domain: STEVE-XP
Caller Logon ID: (0x0,0xD500)
Privileges -


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


"Hasan O." <therenton@hotmail.com> wrote in message
news:OWm9P%230JGHA.1288@TK2MSFTNGP09.phx.gbl...
> Hi ,
> when someones adds a new windows account, i want to receive a
> notification
> . How i can do that ?
>
> Thanks
>
>


Top

Re: notification for adding a new win account by Byron

Byron
Thu Feb 02 02:12:32 CST 2006

In addition to Steven's approach of auditing, you could also go about it
like this:

1. Restrict the use of Administrator and Domain Admin accounts to a very,
very, very small number of highly trusted people.
2. Create one account and delegate to it the permissions required to create
a user
3. Create a web application that creates users
4. Configure that web application to run in the security context of the account
created in #2
5. Restrict access to the web application to a particular security group,
make the users authorized to create users part of that group
6. Have the application send email and/or create log files when accounts
are created
7. Have the application perform whatever other business-rule checking or
additional configuration steps required.

It's quite a bit of work to set up at first, but once up and running, it's
pretty slick.

Byron Hynes
Windows Server
Microsoft Corporation

http://spaces.msn.com/members/byronphynes

> Hi ,
> when someones adds a new windows account, i want to receive a
> notification
> . How i can do that ?
> Thanks
>


Top