To track user, we require to audit user account management. for example creation, deletion password reset and permission changes of the users. It helps to the organization to comply with regulations and other requiring user activity logs. this provides account management actions record for incident analysis and ensures transparency in user account lifecycle.
with the above details you understood why we should enable the audit log of user accounts and here below, you will learn step by step process to accomplish this task.
Open Group Policy Object console:
go to Group Policy Object option -> right click and New -> Provide a proper name for your GPO and click on OK
again right click on your group policy and edit
Go to Computer Configuration -> Policies -> Windows Settings -> Advanced Audit Policy Configuration -> Audit Policies -> Account Management -> Audit User Account Management
in the Properties option under policy section -> check “Configure the following audit events” and also check the success and failure. click apply and OK
verify, your audit policy is set to Success and Failure from “Not Configured”.
Above you have configured the audit policy . now you need to link this policy with desired OU that you want to apply
Go to OU you want to link the policy and right click -> Link an Existing GPO…
Select GPO and OK
Wait some time to take effect or run the below command on your Domain controller as well as on computer.
gpupdate check on your computer if group policy applied or not using below command.
As you can see, created group policy is applied to the computer
In this article you have learnt , how to Audit user account management to track user within the organization. You also might be interested on Restore Group Policy Object.
