IT Security & High Risk Users Management Blog | WALLIX

It's elementary, my dear Network Admin!

Written by WALLIX | Nov 7, 2014 11:22:14 AM

A friend of ours over at @experts_911 found this old post. It tells the story of how a couple of IT admins had to turn detective and figure out who had altered a Windows Group Policy which was denying access to the internet for everyone in their business. The tale continues, explaining how they had to spend a significant amount of time looking for clues and testing policies to figure out what had changed to cause such a significant problem.

It’s at times like this that effective and accessible auditing can really help you out. With a Wallix AdminBastion you could find the root of this sort of issue in just 4 very simple steps:

1. Search the AdminBastion for Windows devices that have been accessed since this problem appeared

 

2 .Because the AdminBastion captures activity as text, images and video it’s easy to see what’s happened using the screenshot

 

3. Each of the actions shown is also a link which when clicked will play a video of what the privileged user did while logged onto that server

 

4 .The whole captured video can be downloaded for sharing or in this case for a debrief to make sure it doesn’t happen again

 

With an easily understandable audit trail you don't need to be a super sleuth wasting time hunting for clues but instead focus on keeping your business systems up and running.

You can see an overview of the features in Wallix AdminBastion in a video here:

Thanks to @grant_burst for the screenshots