Microsoft® Windows® Security Resource Kit, Second Edition

Configuring Audit Policies

Windows Server 2003, Windows 2000, and Windows XP provide several categories of auditing for security events. When designing your enterprise audit strategy, you will need to decide whether to include success and failure events for the following categories of security audit events:

Account logon events
Account management events
Directory service access
Logon events
Object access
Policy change
Privilege use
Process tracking
System events

You can see the current status of auditing for each area by looking in the Local Security Policy Microsoft Management Console (MMC) in Windows Server 2003, Windows 2000, or Windows XP. Figure 15-2 shows how the audit policy settings are displayed in Windows 2000.

Figure 15-2. Viewing audit ...

Get Microsoft® Windows® Security Resource Kit, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Microsoft® Windows® Security Resource Kit, Second Edition by Ben Smith, Brian Komar, The Microsoft Security Team

Configuring Audit Policies

Figure 15-2. Viewing audit ...

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly