Auditing the Registry

Access to the registry can be audited, as can access to other areas of the operating system. Auditing allows you to track which users access the registry and what they’re doing. All the permissions listed previously in Table 12-1 and Table 12-2 can be audited. However, you usually limit what you audit to only the essentials to reduce the amount of data that is written to the security logs and to reduce the resources used to track registry usage.

Before you can enable auditing of the registry, you must enable the auditing function on the computer you are working with. You can do this either through the server’s local policy or through the appropriate Group Policy object. The policy that controls auditing is Computer Configuration\Windows ...

Get Windows PowerShell™ 2.0: Administrator’s Pocket Consultant now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.