Windows Server 2008: The Definitive Guide

by Jonathan Hassell
March 2008
Content level: Beginner to intermediate
494 pages
English
O'Reilly Media, Inc.

Using Auditing and the Event Log

Keeping track of what your system is doing is one of the most important, but tedious, processes of good IT security management. In this section, I'll look at the tools to audit events that happen on your system and the utilities used to view them.

Auditing controls and properties are modified through GPOs in Windows 2000, Windows XP, and Windows Server 2008. Assuming your computer is participating in an Active Directory domain, you can find the domain auditing policy inside the Default Domain Policy, in the Computer Configuration → Windows Settings → Security Settings → Local Policies → Audit Policies tree. Otherwise, you can view the Local Security Policy through the Administrative Tools applet in the Control Panel.

The settings for each GPO specify which types of events, and which types of results, cause a log entry to be written. Here are the options for auditing policies:

Audit account logon events

Writes an entry when domain users authenticate against a domain controller

Audit account management

Indicates when user accounts are added, modified, or deleted

Audit directory service access

Audits when queries and other communications with Active Directory are made

Audit logon events

Writes an entry when local users access a resource on a particular computer

Audit object access

Indicates when certain files, folders, or other system objects are opened, closed, or otherwise "touched"

Audit policy change

Audits when local policies (such as the Local Security Policy) ...
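
To confirm which of these settings are actually in effect on a server, the following added example (not from the book) parses the CSV report of `auditpol /get /category:* /r` and lists where it falls short of a baseline. The baseline, the server name `SRV01`, the function name `Get-AuditGap`, and the sample report are assumptions constructed for illustration; PowerShell 3.0 or later is assumed.

```powershell
# Constructed sample in the CSV layout of: auditpol /get /category:* /r
# (server name and GUIDs are placeholders, not real values).
$SampleCsv = @'
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
SRV01,System,Credential Validation,{GUID-PLACEHOLDER},Success and Failure,
SRV01,System,User Account Management,{GUID-PLACEHOLDER},Success,
SRV01,System,Directory Service Access,{GUID-PLACEHOLDER},No Auditing,
SRV01,System,Logon,{GUID-PLACEHOLDER},Success and Failure,
SRV01,System,File System,{GUID-PLACEHOLDER},No Auditing,
SRV01,System,Audit Policy Change,{GUID-PLACEHOLDER},Success,
'@

# Hypothetical baseline (an assumption, not from the book): one auditpol
# subcategory per policy listed above, and the results that must be logged.
$Baseline = [ordered]@{
    'Credential Validation'    = @{ Policy = 'Audit account logon events';     Need = @('Success', 'Failure') }
    'User Account Management'  = @{ Policy = 'Audit account management';       Need = @('Success', 'Failure') }
    'Directory Service Access' = @{ Policy = 'Audit directory service access'; Need = @('Failure') }
    'Logon'                    = @{ Policy = 'Audit logon events';             Need = @('Success', 'Failure') }
    'File System'              = @{ Policy = 'Audit object access';            Need = @('Failure') }
    'Audit Policy Change'      = @{ Policy = 'Audit policy change';            Need = @('Success', 'Failure') }
}

function Get-AuditGap {
    param([string]$CsvText, [System.Collections.IDictionary]$Baseline)
    # Drop blank lines, then let ConvertFrom-Csv take property names from the header row.
    $rows = ($CsvText -split '\r?\n') | Where-Object { $_.Trim() } | ConvertFrom-Csv
    foreach ($name in $Baseline.Keys) {
        $row = $rows | Where-Object { $_.Subcategory -eq $name } | Select-Object -First 1
        # A subcategory missing from the report is treated as not audited.
        $have = if ($row) { $row.'Inclusion Setting' } else { 'No Auditing' }
        # 'Success and Failure' satisfies both requirements; 'No Auditing' satisfies neither.
        $missing = @($Baseline[$name].Need | Where-Object { $have -notmatch $_ })
        if ($missing.Count -gt 0) {
            [pscustomobject]@{
                Policy      = $Baseline[$name].Policy
                Subcategory = $name
                Effective   = $have
                Missing     = $missing -join ', '
            }
        }
    }
}

# Offline run against the sample. On a live server (elevated prompt), pass
# (auditpol /get /category:* /r | Out-String) as -CsvText instead.
Get-AuditGap -CsvText $SampleCsv -Baseline $Baseline | Format-Table -AutoSize
```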


ISBN: 9780596514112