brad7125
(Shep)
1
I need a report that will show me the AD changes that were made over a time period I select. I attempted to write this using the built-in report writer but did not have any luck. Is there a way to do this? I have a list of event IDs that I want reported, I just don’t know how to write the report.
Thanks
Brad
4 Spice ups
You mean within SpiceWorks I assume? If SW doesn’t have the reporting power necessary for your needs, you can always try Crystal Reports or some other reporting package instead.
brad7125
(Shep)
3
I would really like to use the reporting in Spiceworks. I do not have any report writing experience with anything so I didn’t know if I was missing something or not.
What specific changes are you wanting to track?
brad7125
(Shep)
5
Specifically user and group changes. We need to provide a report showing that the administrator (Me) is being tracked and is not making unnecessary or unapproved changes to AD users and groups. This was one of the hits on our IT audit last fall and we have another one coming up in Oct. The event IDs I want to monitor I got from here: http://www.windowsecurity.com/articles/Auditing-Users-Groups-Windows-Security-Log.html
But as the admin you can always make those changes not appear in the logs. Sounds to me like your auditor isn’t clear on how security works. There is little need for an admin to report on himself.
brad7125
(Shep)
7
True but it gives them a warm fuzzy to see the report and keeps my boss happy.
Shep wrote:
True but it gives them a warm fuzzy to see the report and keeps my boss happy.
Fake security is often the kind that management wants best. Often tied to fake profits.
dabeast
(da Beast)
9
I had to create something like this a while back - I had used MS MOM to capture the events and email all the IT staff. It also tracked any system changes and again emailed the IT staff. It really was a pain in the a$$ and created too much static on the notifications.
You might want to look at Nagios - check here for a how-to: http://community.spiceworks.com/how_to/show/765
Logparser might work for you. It can be downloaded here.
brad7125
(Shep)
11
Thanks for the input. I am checking out logparser now. Any tips on log parser? It looks like I can use it to generate the data if I can figure out how to use it.
ScriptLogic has an app that can do this but it is rather expensive and is based on AD user count, and all users including disabled and service accounts are included. We only have about 180 employees but they wanted us to pay for 225 accounts. The boss said no way. So that is what has prompted this.
I know it’s not much use at the moment but I am considering writing a program to track changes in Active Directory - it would be completely free but I’m afraid I can’t give you any idea when it will be completed or if I will even end up making it… depends how much demand there is for a free app that does this (and if there are any others out there already)
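An added example, not posted by anyone in this thread: one way to produce the report asked for above (AD user and group changes over a selected time period, with who made each change) straight from the Security log. It assumes Windows Server 2008 or later with account-management auditing enabled and PowerShell 3.0 or later; the event IDs are the standard Windows account-management IDs for those versions, not necessarily the list from the linked article, and the output path is a placeholder.

```powershell
# Added example: report AD user/group changes from the Security log for a time window.
param(
    [datetime]$Start = (Get-Date).AddDays(-30),
    [datetime]$End   = (Get-Date),
    [string]$ComputerName = $env:COMPUTERNAME,  # assumption: a domain controller
    [string]$OutFile = '.\ad-changes.csv'       # hypothetical output path
)

# Account-management event IDs (Server 2008+; Server 2003 uses different IDs).
$ids = @{
    4720 = 'User created'
    4722 = 'User enabled'
    4724 = 'Password reset attempted'
    4725 = 'User disabled'
    4726 = 'User deleted'
    4738 = 'User changed'
    4728 = 'Member added to global security group'
    4729 = 'Member removed from global security group'
    4732 = 'Member added to local security group'
    4733 = 'Member removed from local security group'
    4756 = 'Member added to universal security group'
    4757 = 'Member removed from universal security group'
}

$filter = @{ LogName = 'Security'; Id = [int[]]@($ids.Keys); StartTime = $Start; EndTime = $End }

# Get-WinEvent reports an error when nothing matches; treat that as an empty report.
$report = @(
    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Named fields (SubjectUserName, TargetUserName, ...) are in EventData/Data of the event XML.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.GetAttribute('Name')] = $d.InnerText
        }
        [pscustomobject]@{
            Time      = $_.TimeCreated
            EventId   = $_.Id
            Change    = $ids[$_.Id]
            ChangedBy = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
            Target    = $data['TargetUserName']  # the user, or the group on membership events
            Member    = $data['MemberName']      # present only on membership events
        }
    } | Sort-Object Time
)

# Full detail for the auditor, plus a per-administrator summary on screen.
$report | Export-Csv -Path $OutFile -NoTypeInformation
$report | Group-Object ChangedBy, Change | Sort-Object Count -Descending | Select-Object Count, Name
```

Run it from an elevated session; the time window can only reach back as far as the Security log's retention on that domain controller.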