A friend of ours over at @experts_911 found this old post. It tells the story of how a couple of IT admins had to turn detective and figure out who had altered a Windows Group Policy which was denying access to the internet for everyone in their business. The tale continues, explaining how they had to spend a significant amount of time looking for clues and testing policies to figure out what had changed to cause such a significant problem.
It’s at times like this that effective and accessible auditing can really help you out. With a Wallix AdminBastion you could find the root of this sort of issue in just 4 very simple steps:
1. Search the AdminBastion for Windows devices that have been accessed since this problem appeared
2 .Because the AdminBastion captures activity as text, images and video it’s easy to see what’s happened using the screenshot
3. Each of the actions shown is also a link which when clicked will play a video of what the privileged user did while logged onto that server
4 .The whole captured video can be downloaded for sharing or in this case for a debrief to make sure it doesn’t happen again
With an easily understandable audit trail you don't need to be a super sleuth wasting time hunting for clues but instead focus on keeping your business systems up and running.
You can see an overview of the features in Wallix AdminBastion in a video here:
Thanks to @grant_burst for the screenshots