Configuring Audit Policies

Windows Server 2003, Windows 2000, and Windows XP provide several categories of auditing for security events. When designing your enterprise audit strategy, you will need to decide whether to include success and failure events for the following categories of security audit events:

  • Account logon events

  • Account management events

  • Directory service access

  • Logon events

  • Object access

  • Policy change

  • Privilege use

  • Process tracking

  • System events

You can see the current status of auditing for each area by looking in the Local Security Policy Microsoft Management Console (MMC) in Windows Server 2003, Windows 2000, or Windows XP. Figure 15-2 shows how the audit policy settings are displayed in Windows 2000.

Figure 15-2. Viewing audit ...
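The same nine settings can also be read outside the MMC from a security template exported with `secedit /export /cfg`. The following is an added example, not code from the book: it parses the `[Event Audit]` section of such an export and reports success and failure auditing for each category listed above. The sample template text is constructed (it omits `AuditDSAccess` on purpose), and the function names are illustrative.

```python
import configparser

CATEGORIES = {  # security-template key -> category name as listed in the text
    "AuditAccountLogon": "Account logon events",
    "AuditAccountManage": "Account management events",
    "AuditDSAccess": "Directory service access",
    "AuditLogonEvents": "Logon events",
    "AuditObjectAccess": "Object access",
    "AuditPolicyChange": "Policy change",
    "AuditPrivilegeUse": "Privilege use",
    "AuditProcessTracking": "Process tracking",
    "AuditSystemEvents": "System events",
}

# Constructed sample of an exported template; real exports are UTF-16 files
# and contain further sections, which this parser ignores.
SAMPLE_INF = """\
[Event Audit]
AuditSystemEvents = 3
AuditLogonEvents = 2
AuditObjectAccess = 0
AuditPrivilegeUse = 0
AuditPolicyChange = 1
AuditAccountManage = 3
AuditProcessTracking = 0
AuditAccountLogon = 3
"""

def read_audit_policy(inf_text):
    """Return {category: (success, failure)}; (None, None) means not defined."""
    parser = configparser.ConfigParser(interpolation=None, strict=False,
                                       allow_no_value=True)
    parser.optionxform = str  # keep key case so lookups by exact name match
    parser.read_string(inf_text)
    section = parser["Event Audit"] if parser.has_section("Event Audit") else {}
    policy = {}
    for key, name in CATEGORIES.items():
        raw = section.get(key)
        if raw is None:  # key absent: the template does not define this setting
            policy[name] = (None, None)
            continue
        value = int(raw)
        if not 0 <= value <= 3:
            raise ValueError(f"{key}: unexpected value {raw!r}")
        policy[name] = (bool(value & 1), bool(value & 2))  # bit 0 success, bit 1 failure
    return policy

def unaudited(policy):
    """Categories explicitly set to no auditing (neither success nor failure)."""
    return [name for name, setting in policy.items() if setting == (False, False)]
```

A category reported as `(None, None)` is not defined in the template, which is different from one explicitly set to no auditing.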
