We’ve used a variety of third party tools to monitor Active Directory domain account changes. They’ve all either been expensive or kind of sucked (or, unfortunately, both). But if you’re running a relatively new OS on your controller you can use the magick of Powershell to ship you alerts on account changes! Powershell can monitor the local Security Event Log on your controller and ship you an email when events matching your description are entered. Here’s an example Powershell script:
File this under Simple Stuff I Forget.
- Open Terminal Services Configuration in Administrative Tools
- In the left pane select Connections. In the right pane, right click on RDP-Tcp and choose Properties
- Under the Permissions tab add or remove as necessary
I recommend utilizing the Remote Desktop Users security group builtin for good administrative karma.