8.3. Auditing for Server Security
One of the primary things you can do when implementing server security is to watch what's happening on the server by implementing an auditing policy. With Windows Server 2008 you can do regular auditing or specialized Active Directory auditing.
Regular auditing is the same type of auditing that has been available on Windows Server products since Windows Server 2000. Windows Server 2008 has introduced more detailed auditing capabilities with Active Directory. When enabled, directory service access events can be logged with more detailed information.
Auditing can watch for certain events, and when these events occur, it will log the event in the Security log. You can configure auditing of both success and failure ...
Get MCITP Windows Server® 2008 Server Administrator: Study Guide now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.