by Ivo Sandoval
How to Use Windows Server 2003 Audit Policies and SACLs
Article by microsoft exams
The following sections describe what the Windows Server 2003 and Windows XP Professional audit policies can be used for, describe how object access can be audited, and then explain how to analyze events.

What the Windows Server 2003 Audit Policies and SACLs Can Be Used For

The audit policy is a component of the Local Security Policy container in a GPO. The configured audit policy determines the types of events recorded in the security log of the computers whose accounts are in the container to which the GPO is linked. The default domain controller policy specifies the audit events recorded on domain controllers, while GPOs linked to the domain and to OUs determine the events logged to the security logs on servers and desktop computers.

Table 9-4 lists the audit policies and how the records that they collect can be used. You can configure all policies in this table for success, failure, or both, or you can choose not to configure them at all. You cannot restrict their collection of events except for the Object Access category.

Logon Events: Provides information on events that occur where the account used to log on resides. Use this event in an Active Directory domain to examine the domain logons, including ticket information. These records will be in the security log of the domain controller where logon occurred. Logon failures might indicate an attack or might simply indicate time synchronization problems between a client and the domain controller. These events are also recorded on workstations and servers when local accounts are used. Log for failure to detect attacks. Log for success to determine whether an attack was successful.
Events are recorded where the account is located. Audit for success to track management. Compare to authorized account creation, deletion, and changes (a manual effort) to discover creation of unauthorized additions and deletions. Audit for failure to catch attempts at creation and deletion by unauthorized individuals.

Audit Directory Service Access: Audit records regarding access to Active Directory objects will be collected only if SACLs are set on Active Directory objects. Because of the large number of Active Directory objects, it would be futile, impractical, and unnecessary to audit access to every object. Instead, analyze objects for sensitivity and set auditing on these objects. Audit for success and failure here, and set requirements for success, failure, or both at each object audited.
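The comparison of account management records against authorized changes, described above as a manual effort, can be scripted once the security log is exported. The following is an added example, not part of the original article: the record field names, the sample events, and the approved-change list are constructed, and it assumes failure audits carry the same event IDs as their success counterparts.

```python
# Windows Server 2003 security-log event IDs for user account management.
ACTIONS = {624: "create", 630: "delete", 642: "change"}

# Constructed sample records, as if exported from the security log.
# Field names (event_id, outcome, actor, target) are assumptions of this example.
EVENTS = [
    {"event_id": 624, "outcome": "success", "actor": "EXAMPLE\\helpdesk1", "target": "JSmith"},
    {"event_id": 624, "outcome": "success", "actor": "EXAMPLE\\admin2", "target": "svc_backup"},
    {"event_id": 630, "outcome": "failure", "actor": "EXAMPLE\\temp7", "target": "jsmith"},
    {"event_id": 630, "outcome": "success", "actor": "EXAMPLE\\helpdesk1", "target": "olduser"},
    {"event_id": 528, "outcome": "success", "actor": "EXAMPLE\\jsmith", "target": "jsmith"},
]

# Constructed list of authorized changes: (action, account name in lower case).
APPROVED = {("create", "jsmith"), ("delete", "olduser")}


def reconcile(events, approved):
    """Sort account-management audit records into the two findings the
    article describes: successful changes nobody authorized, and failed
    attempts by accounts that lacked the rights to make the change."""
    findings = {"unauthorized": [], "denied_attempts": []}
    for ev in events:
        action = ACTIONS.get(ev["event_id"])
        if action is None:
            continue  # not an account-management event (528 is a logon)
        key = (action, ev["target"].lower())  # account names are case-insensitive
        if ev["outcome"] == "failure":
            # Failure audit: someone tried and was refused.
            findings["denied_attempts"].append((ev["actor"], *key))
        elif key not in approved:
            # Success audit with no matching authorization on file.
            findings["unauthorized"].append((ev["actor"], *key))
    return findings


if __name__ == "__main__":
    for kind, rows in reconcile(EVENTS, APPROVED).items():
        for actor, action, target in rows:
            print(f"{kind}: {actor} {action} {target}")
```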