May 2019
Intermediate to advanced
620 pages
21h 41m
English
Microsoft introduced the advanced security audit policy in Active Directory in Windows Server 2008 R2. This feature offers more granular auditing options in 10 categories:
For each of these categories, several auditing options are available. When these are enabled, additional entries are added to Event Viewer with the source Microsoft Windows security auditing.
A recommended practice is to copy auditing events from event viewer logs on the domain controller to a centralized Security Incident and Event Management (SIEM) solution.
Read now
Unlock full access