Monday, April 18, 2011
To Know About Audit Policies
7:03 AM | 
Posted by
javabisnis88
It is your decision on the events you want to audit by setting up an 220-702 exam audit policy in a GPO. This policy defines the categories of events recorded in the security log on each computer. You set the Audit Policy settings in the Computer Configuration/Windows Settings/ Security Settings/Local Policies/Audit Policy extension in a GPO. You can set up an audit policy for a computer to track the success and failure of the event categories described in Table 13-2.
A domain controller received a request to validate a user account.
An administrator created, changed, or deleted a user account or group. A user account was renamed, dis-abled, or enabled, or a password was set or changed.
The user access an Active Directory object. You must configure specific Active Directory objects for auditing to log this type of event, as described in the section "Configuring Objects for Auditing" later in this lesson.
A user logged on or logged off, or a user made or canceled a network connection to the computer.
A user gained access to a file, folder, or printer. You must configure get a+ certified online specific files,
folders, or printers for auditing, as described in the section "Configuring Objects for Auditing" later in this lesson.
A change was made to the user security options, user rights, or audit policies.
A user exercised a right, such as changing the system time (this does not include rights that are related to logging on and logging off).
A program performed an action. This information is generally useful only for programmers who want to track details of program execution. Be aware that pro?cess tracking can generate a large number of events.
A user restarted or shut down the computer, or an event occurred that affects system security or the secu-rity log (for example, the audit log is full and the system discards entries).
Audit Object Access, Audit Privilege Use, and Audit Process Tracking are
specifically turned off in the Default Domain Controllers Policy. Although you probably won't use the latter two types of auditing, you should keep in mind that if you want to audit a file or folder that sits on a domain controller, you'll have to enable Audit Object Access in the Default Domain Controllers Policy, instead of simply enabling it in the Local Security Policy of the domain controller. Otherwise, the setting in the Default Domain Controllers Policy will prevent MCITP certification any type of auditing on the domain controller.
A domain controller received a request to validate a user account.
An administrator created, changed, or deleted a user account or group. A user account was renamed, dis-abled, or enabled, or a password was set or changed.
The user access an Active Directory object. You must configure specific Active Directory objects for auditing to log this type of event, as described in the section "Configuring Objects for Auditing" later in this lesson.
A user logged on or logged off, or a user made or canceled a network connection to the computer.
A user gained access to a file, folder, or printer. You must configure get a+ certified online specific files,
folders, or printers for auditing, as described in the section "Configuring Objects for Auditing" later in this lesson.
A change was made to the user security options, user rights, or audit policies.
A user exercised a right, such as changing the system time (this does not include rights that are related to logging on and logging off).
A program performed an action. This information is generally useful only for programmers who want to track details of program execution. Be aware that pro?cess tracking can generate a large number of events.
A user restarted or shut down the computer, or an event occurred that affects system security or the secu-rity log (for example, the audit log is full and the system discards entries).
Audit Object Access, Audit Privilege Use, and Audit Process Tracking are
specifically turned off in the Default Domain Controllers Policy. Although you probably won't use the latter two types of auditing, you should keep in mind that if you want to audit a file or folder that sits on a domain controller, you'll have to enable Audit Object Access in the Default Domain Controllers Policy, instead of simply enabling it in the Local Security Policy of the domain controller. Otherwise, the setting in the Default Domain Controllers Policy will prevent MCITP certification any type of auditing on the domain controller.
Labels:
Business Ideas
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment