programming4us
 
Windows
 

Windows Server 2008 : Understanding Group Policy Settings (part 1) - Enabling Auditing Through Group Policy

12/28/2013 1:56:55 AM

Administrators use Group Policy to administer and manage users and computers within a domain. There are literally thousands of Group Policy settings. The goal isn’t to know them all but instead to understand a few key Group Policy settings, how they’re created, and how they apply. The following sections cover a few Group Policy settings.

Enabling Auditing Through Group Policy

You can configure audit policy settings to ensure that certain activities in your organization are tracked.

Figure 1 shows the Audit Policy in the Default Domain Policy open, and the following table explains these audit policy settings.

Figure 1. Audit Policy in the Default Domain Policy

Audit Policy SettingsComments
Audit account logon events.Account logon events are generated when a domain user account is authenticated on a domain controller and the event is logged in the domain controller’s security log. Account logoff events are not generated.
Audit account management.Account management events include when a user account or group is created, changed, or deleted; a user account is renamed, disabled, or enabled; or a password is set or changed.
Audit directory service access.Enables security logging for any Active Directory object (such as users, groups, and OUs) access in Active Directory that have security logging enabled. This setting is enabled by default for domain controllers.

Note

This setting only applies to domain controllers. It has no meaning for workstations and servers.

Audit logon events.Logon events are generated when a local user is authenticated on a local computer. The event is logged in the local security log.
Audit object access.Enables security logging for any object (such as files, folders, and printers) access in the domain that has security logging enabled. It is not enabled by default.

Tip

Enabling object access auditing is a two-step process. You must first enable the auditing through Group Policy. Then you must enable auditing for the individual object. For example, Figure 2 shows the Auditing tab of the Advanced Security Settings of a folder named Data.

Audit policy change.Generates security log entries in response to changes in user rights assignment policies, audit policies, or trust policies.
Audit privilege user.The use of elevated privileges generates a log in the security log. For example, if a user takes ownership of a file, it generates a log entry.
Audit process tracking.Process tracking logs entries for events such as program activation, process exit, handle duplication, and indirect object access.
Audit system events.System events include when a user restarts or shuts down the computer or when an event occurs that affects either the system security or the security log.

Note

Both success and failure events can be logged for each of these Audit Policy settings. A success event occurs when the user succeeds in the action. A failure event occurs when the user attempts the action but is unsuccessful, such as when the user doesn’t have permissions or rights to take the action.


Figure 2. Enabling Object Access Auditing for a folder

 
Others
 
- Windows Server 2008 : Filtering GPOs by Modifying Permissions
- Windows Server 2008 : Launching the Group Policy Management Console, Understanding Group Policy Order of Precedence
- Windows Server 2008 : Creating and Running a PowerShell Script - Scheduling PowerShell Scripts
- Windows Server 2008 : Creating and Running a PowerShell Script - Running a Script Against Multiple Computers
- Windows Server 2012 : Preparing for deploying domain controllers (part 3) - Existing forest domain controller deployment
- Windows Server 2012 : Preparing for deploying domain controllers (part 2) - New forest domain controller deployment
- Windows Server 2012 : Preparing for deploying domain controllers (part 1) - AD DS deployment scenarios
- Windows Server 2012 : Windows PowerShell automation (part 2) - Disconnected sessions
- Windows Server 2012 : Windows PowerShell automation (part 1) - Background jobs, Scheduled jobs
- Windows 7 : Making and Ending a Dial-Up Connection
 
 
REVIEW
 
- First look: Apple Watch

- 10 Amazing Tools You Should Be Using with Dropbox

- Sigma 24mm f/1.4 DG HSM Art

- Canon EF11-24mm f/4L USM

- Creative Sound Blaster Roar 2

- Alienware 17 - Dell's Alienware laptops

- Smartwatch : Wellograph

- Xiaomi Redmi 2
 
VIDEO TUTORIAL
 
- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 1)

- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 2)

- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 3)
 
Popular tags
 
Video Tutorail Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8 BlackBerry Android Ipad Iphone iOS
 
Top 10
 
- How To Install Android Market & Google Apps On Kindle Fire
- How To Make Ubuntu Look Like Windows 7
- How To Add A New Account in MS Outlook 2013
- Get Android & Mac OS X Style Gadgets For Windows 7 & Windows 8 With XWidget
- How To Activate Microsoft Office 2013
- How To Install Actual Facebook App On Kindle Fire
- How To Create, View And Edit Microsoft Office Files On Kindle Fire
- Download Attractive Business PowerPoint Templates For Free At SlideHunter
- How To Use And Enable Hibernate & Sleep Mode In Windows 8
- How To Get Microsoft Office 2013 Trial Product Key From Microsoft