Enabling Auditing
When you’ve identified what settings you want to configure and which objects you want to audit, you can configure the system to begin the audit-log collections. You can enable auditing for a local system by modifying the Local Security Policy. If you want to enable auditing for several systems in a domain, you can do so via Group Policy.
The following steps show how to enable auditing locally for any Windows Server 2008 server:
1. Click Start Administrative Tools Local Security Policy. If prompted by User Account Control (UAC), click Continue.
2. Expand Security Settings Local Policies, and select Audit Policy.
3. Double-click any of the audit settings.
4. Select Success and/or Failure, as desired. Click the Explain ...
Get Microsoft® Windows® Security: Essentials now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
