Hi,
Environment:
Change Auditor 6.9.1 / Build 3131
Change Auditor Active Directory
Domain function level: Windows 2012R2
I see the following events in Change Auditor:
The DACL was changed for the group object CN=Schema Admins . .
The event states it tries to change the permissions on this object:
Changes:

| Operation | Type | Account | Permission | Scope | Condition |
|---|---|---|---|---|---|
| Permission Removed | Allow | Pre-Windows 2000 Compatible Access | Read Account Restrictions | This object only | |
| Permission Removed | Allow | Pre-Windows 2000 Compatible Access | Read Account Restrictions | This object only | |
| Permission Removed | Allow | Pre-Windows 2000 Compatible Access | Read Logon Information | This object only | |
| Permission Removed | Allow | Pre-Windows 2000 Compatible Access | Read Logon Information | This object only | |
| Permission Removed | Allow | Pre-Windows 2000 Compatible Access | Read Group Membership | This object only | |
| Permission Removed | Allow | Pre-Windows 2000 Compatible Access | Read Group Membership | This object only | |
| Permission Removed | Allow | | Change Password | This object and all child objects | |
| Permission Removed | Allow | | Read Exchange Personal Information | This object and all child objects | |
| Permission Removed | Allow | | Read canonicalName | This object and all child objects | |
| Permission Removed | Allow | | Read userAccountControl | This object and all child objects | |
| Permission Removed | Allow | | Read Exchange Information | This object and all child objects | |
| Permission Removed | Allow | | Read memberOf | This object and all child objects | |
| Permission Removed | Allow | | Read garbageCollPeriod | This object and all child objects | |
| Permission Removed | Allow | | Write proxyAddresses | This object and all child objects | |
| Permission Removed | Allow | | Write showInAddressBook | This object and all child objects | |
| Permission Removed | Allow | | Write Exchange Personal Information | This object and all child objects | |
| Permission Removed | Allow | | Write adminDisplayName | This object and all child objects | |
| Permission Removed | Allow | | Write groupType | This object and all child objects | |
| Permission Removed | Allow | | Write msExchMailboxSecurityDescriptor | This object and all child objects | |
| Permission Removed | Allow | | Write msExchUMServerWritableFlags | This object and all child objects | |
| Permission Removed | Allow | | Write displayName | This object and all child objects | |
| Permission Removed | Allow | | Write msExchUserCulture | This object and all child objects | |
| Permission Removed | Allow | | Write displayNamePrintable | This object and all child objects | |
| Permission Removed | Allow | | Write mail | This object and all child objects | |
| Permission Removed | Allow | | Write msExchMobileMailboxFlags | This object and all child objects | |
| Permission Removed | Allow | | Write userCertificate | This object and all child objects | |
| Permission Removed | Allow | | Write textEncodedORAddress | This object and all child objects | |
| Permission Removed | Allow | | Write Exchange Information | This object and all child objects | |
| Permission Removed | Allow | | Write publicDelegates | This object and all child objects | |
| Permission Removed | Allow | | Write publicDelegates | This object and all child objects | |
| Permission Removed | Allow | | Write msExchUMSpokenName | This object and all child objects | |
| Permission Removed | Allow | | Write garbageCollPeriod | This object and all child objects | |
| Permission Removed | Allow | | Write msExchUMPinChecksum | This object and all child objects | |
| Permission Removed | Allow | | Write legacyExchangeDN | This object and all child objects | |
| Permission Removed | Allow | | Full control | This object and all child objects | |
| Permission Removed | Allow | | Modify Permissions | group objects | |
| Permission Removed | Allow | Pre-Windows 2000 Compatible Access | Read All Properties + List Object + List Contents + Read Permissions | This object only | |
| Permission Removed | Allow | Pre-Windows 2000 Compatible Access | Read All Properties + List Object + List Contents + Read Permissions | This object only | |
| Permission Removed | Allow | | Read All Properties + List Object + List Contents + Read Permissions | This object and all child objects | |
| Permission Added | Allow | Pre-Windows 2000 Compatible Access | Read All Properties + List Object + List Contents + Read Permissions | This object only | |

Schema Admins is protected in Change Auditor, so the changes were not successful.
My question is, where are these permissions coming from that Change Auditor thinks it needs to change them?
David