server security audit


Name of auditing – server 2008 defualts Audit Account Logon Events -successful and failed Triggered anytime you log into the domain. If the computer or user authenticates to the DC it’s an account logon event. Audit Logon events – successful and failed Creates an event when you logon to a computer. You log into a domain, an event is recorded on the DC. You log in locally, the event is recorded on that machine. You access a folder, you authenticate to that machine and the event is recorded on that machine. Audit Account Management – successful only Audits events for creation, deletion, or modification of users, groups, computers, or passwords. Audit Directory Service Account – successful only Audits events specified on the security of objects in AD. Audit Policy Change – successful only Audits events that modify user rights. Audit Privilege use – none Not sure. Is this the Security setting in GPME? “audits the use of a privilege or user right.” Audit System Events – sucess and failure Audits success, failure, or changes that affect they system or security log. Audit Process tracking – success Audits events such as program activation and process exit audit object access – success Audits access to objects such as files, folders, registry keys, and printers that have their access control list (ACL) or security tab. Requires enable options on those items as well Providing training videos since last Tuesday. technoblogical.com Thanks for watching.