Enabling Auditing

When you’ve identified what settings you want to configure and which objects you want to audit, you can configure the system to begin the audit-log collections. You can enable auditing for a local system by modifying the Local Security Policy. If you want to enable auditing for several systems in a domain, you can do so via Group Policy.

The following steps show how to enable auditing locally for any Windows Server 2008 server:

1. Click Start Administrative Tools Local Security Policy. If prompted by User Account Control (UAC), click Continue.

2. Expand Security Settings Local Policies, and select Audit Policy.

3. Double-click any of the audit settings.

4. Select Success and/or Failure, as desired. Click the Explain ...

Get Microsoft® Windows® Security: Essentials now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.