Name

auditing

Synopsis

Configure an audit policy, enable auditing of Active Directory, filesystem, and printer objects, and view audit events in the security log.

Procedures

For a general discussion of auditing, see auditing.

Configure an Audit Policy

Audit policies can be configured:

  • For individual computers in a workgroup by using Security Settings → Local Policies → Audit Policy in the Local Security Policy console.

  • For individual computers in a domain by using the Local Computer Policy → Computer Configuration → Windows Settings → Local Policies → Audit Policy in a Group Policy console.

  • For multiple computers on a network by creating a Group Policy Object and assigning it to a site, domain, or OU.

Once you have selected the Audit Policy container in the appropriate console, open each audit policy in the Details Pane by double-clicking on it, and enable it for success and/or failure auditing as desired.

See Group Policy Objects (GPOs) and Local Security Policy in this chapter for more information.
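
To review the result of this procedure without opening each policy in the console, the following added example (not from the book) reads the [Event Audit] section of a security template and reports the success/failure setting of each of the nine audit policies. It assumes the policy has been saved as an .inf template (for example with secedit /export) and decoded to text; the sample template and the function names are constructed for illustration.

```python
import configparser

# Keys of the [Event Audit] section in a security template (.inf), mapped to
# the policy names shown in the Audit Policy container.
POLICIES = {
    "AuditAccountLogon": "Audit account logon events",
    "AuditAccountManage": "Audit account management",
    "AuditDSAccess": "Audit directory service access",
    "AuditLogonEvents": "Audit logon events",
    "AuditObjectAccess": "Audit object access",
    "AuditPolicyChange": "Audit policy change",
    "AuditPrivilegeUse": "Audit privilege use",
    "AuditProcessTracking": "Audit process tracking",
    "AuditSystemEvents": "Audit system events",
}
# Setting values in the template: bit 0 = success, bit 1 = failure.
SETTINGS = {0: "No auditing", 1: "Success", 2: "Failure", 3: "Success, Failure"}

# Constructed sample template (assumption), not taken from a real system.
SAMPLE_TEMPLATE = """\
[Version]
signature="$CHICAGO$"
[Event Audit]
AuditSystemEvents = 0
AuditLogonEvents = 2
AuditObjectAccess = 1
AuditPolicyChange = 3
AuditAccountLogon = 2
"""

def read_audit_policy(template_text):
    """Return {policy name: setting}; keys absent from the template are 'Not defined'."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep the mixed-case key names as written
    parser.read_string(template_text)
    section = parser["Event Audit"] if parser.has_section("Event Audit") else {}
    result = {}
    for key, name in POLICIES.items():
        raw = section.get(key)
        result[name] = SETTINGS[int(raw)] if raw is not None else "Not defined"
    return result

def audits_everything(policy):
    """True when every policy is enabled for both success and failure."""
    return all(setting == SETTINGS[3] for setting in policy.values())

if __name__ == "__main__":
    for name, setting in read_audit_policy(SAMPLE_TEMPLATE).items():
        print(f"{name:35} {setting}")
```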

Tip

Here are a few tips on creating an audit policy:

  • Don’t audit everything: that’s being paranoid and will create huge overhead on your system (your security log will be full in no time). Instead, be selective in what you audit, focusing on auditing failures for security tracking and on successes for resource access.

  • Don’t configure auditing on every computer in your network. Each computer has its own specific roles, resources, and vulnerabilities. You don’t want to spend all your nights and weekends ...
