Entry configuration auditing a file or folder security descriptor is not, In itself, enable auditing. Auditors should be By identifying appropriate audit enabled Object Access policy settings within the group Strategy.
After you enable auditing, security indicating the start of the access subsystem login Audit settings. Setting policy should be applied containing the audited server object. You can configure the policy settings Server Local Group Policy object (GPO), or you can use the range specified in the server GPO.
Then, you can define a successful audit events, failed events, or both strategies. Policy settings
You must specify the object type corresponds to an entry in the audit of the success or failure of attempts audit SACL not trigger recording.
Locating Audit Policy Settings
AD DS group policy management, GPO a group of standard settings, Audit control behavior. The range of setting audit policy configuration computer located the following nodes: Windows Settings\Security\Local Policies\Audit Policy. The audit policy settings as the following basic settings:
• Audit account logon events
• Audit account management
• Audit directory service access
• Audit logon events
• Audit object access
• Audit policy change
• Audit privilege use
• Audit process tracking
• Audit system events
No comments:
Post a Comment