Setting an Audit Policy

In Windows Vista and Windows Server 2008, audit policy is organized hierarchically. This is a significant enhancement to audit policy; previous versions of Windows had a flat audit policy with a much smaller degree of control over the resultant audit volume.

Prior to Windows Vista, each security event was mapped to one of nine audit policy categories. By enabling either success or failure auditing for an audit category, you enable all the audit events for that category. Figure 8-2 shows the organization of audit policy in pre-Windows Vista systems.

Figure 8-2. Pre-Windows Vista hierarchical audit policy organization.

In Windows ...
