Audit Policy Subcategories
Windows Server 2012 allows more granularity in the setting of the audit policies. In earlier versions of the Windows Server platform, the audit policies could only be set on the general categories. This usually resulted in a large number of security events, many of which are not of interest to the administrator. System management software was usually needed to help parse all the security events to find and report on the relevant entries. Windows Server 2012 exposes additional subcategories under each of the general categories, which can each be set to No Auditing, Success, Failure, or Success and Failure. These subcategories allow administrators to fine-tune the audited events.
Unfortunately, the audit categories do ...
Get Windows Server® 2012 Unleashed now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.