IT tutorials
 
Windows
 

Windows Server 2008 : Understanding Group Policy Settings (part 1) - Enabling Auditing Through Group Policy

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
12/28/2013 1:56:55 AM

Administrators use Group Policy to administer and manage users and computers within a domain. There are literally thousands of Group Policy settings. The goal isn’t to know them all but instead to understand a few key Group Policy settings, how they’re created, and how they apply. The following sections cover a few Group Policy settings.

Enabling Auditing Through Group Policy

You can configure audit policy settings to ensure that certain activities in your organization are tracked.

Figure 1 shows the Audit Policy in the Default Domain Policy open, and the following table explains these audit policy settings.

Figure 1. Audit Policy in the Default Domain Policy

Audit Policy SettingsComments
Audit account logon events.Account logon events are generated when a domain user account is authenticated on a domain controller and the event is logged in the domain controller’s security log. Account logoff events are not generated.
Audit account management.Account management events include when a user account or group is created, changed, or deleted; a user account is renamed, disabled, or enabled; or a password is set or changed.
Audit directory service access.Enables security logging for any Active Directory object (such as users, groups, and OUs) access in Active Directory that have security logging enabled. This setting is enabled by default for domain controllers.

Note

This setting only applies to domain controllers. It has no meaning for workstations and servers.

Audit logon events.Logon events are generated when a local user is authenticated on a local computer. The event is logged in the local security log.
Audit object access.Enables security logging for any object (such as files, folders, and printers) access in the domain that has security logging enabled. It is not enabled by default.

Tip

Enabling object access auditing is a two-step process. You must first enable the auditing through Group Policy. Then you must enable auditing for the individual object. For example, Figure 2 shows the Auditing tab of the Advanced Security Settings of a folder named Data.

Audit policy change.Generates security log entries in response to changes in user rights assignment policies, audit policies, or trust policies.
Audit privilege user.The use of elevated privileges generates a log in the security log. For example, if a user takes ownership of a file, it generates a log entry.
Audit process tracking.Process tracking logs entries for events such as program activation, process exit, handle duplication, and indirect object access.
Audit system events.System events include when a user restarts or shuts down the computer or when an event occurs that affects either the system security or the security log.

Note

Both success and failure events can be logged for each of these Audit Policy settings. A success event occurs when the user succeeds in the action. A failure event occurs when the user attempts the action but is unsuccessful, such as when the user doesn’t have permissions or rights to take the action.


Figure 2. Enabling Object Access Auditing for a folder

 
Others
 
- Windows Server 2008 : Filtering GPOs by Modifying Permissions
- Windows Server 2008 : Launching the Group Policy Management Console, Understanding Group Policy Order of Precedence
- Windows Server 2008 : Creating and Running a PowerShell Script - Scheduling PowerShell Scripts
- Windows Server 2008 : Creating and Running a PowerShell Script - Running a Script Against Multiple Computers
- Windows Server 2012 : Preparing for deploying domain controllers (part 3) - Existing forest domain controller deployment
- Windows Server 2012 : Preparing for deploying domain controllers (part 2) - New forest domain controller deployment
- Windows Server 2012 : Preparing for deploying domain controllers (part 1) - AD DS deployment scenarios
- Windows Server 2012 : Windows PowerShell automation (part 2) - Disconnected sessions
- Windows Server 2012 : Windows PowerShell automation (part 1) - Background jobs, Scheduled jobs
- Windows 7 : Making and Ending a Dial-Up Connection
 
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
Technology FAQ
- Is possible to just to use a wireless router to extend wireless access to wireless access points?
- Ruby - Insert Struct to MySql
- how to find my Symantec pcAnywhere serial number
- About direct X / Open GL issue
- How to determine eclipse version?
- What SAN cert Exchange 2010 for UM, OA?
- How do I populate a SQL Express table from Excel file?
- code for express check out with Paypal.
- Problem with Templated User Control
- ShellExecute SW_HIDE
programming4us programming4us