This objective covers how to:
Implement auditing using Group Policy and AuditPol.exe
Create expression-based audit policies
Create removable device audit policies
Implementing auditing using Group Policy and AuditPol.exe
You can implement advanced audit policies by configuring the Group Policy settings for the
type of advanced auditing you want to enable. The advanced audit policies are grouped into
10 subcategories:
Account Logon
Account Management
Detailed Tracking
DS Access
Logon/Logoff
Object Access
Policy Change
Privilege Use
System
Global Object Access Auditing
Advanced auditing is located in
Computer Configuration\Policies\Windows Settings\Security Settings\Advanced Audit Policies.
To configure advanced auditing, select a subcategory and then double-click the policy you
want to configure and set the audit on success or failure. For example, to audit logon
success, select the Logon/Logoff category and double-click Audit Logon to open the Audit
Logon Properties dialog box shown in Figure 2-36. Select the Configure The Following Audit
Events check box; select Success, Failure, or both; and click OK to apply.
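The same Audit Logon setting can be checked and applied from the command line with AuditPol.exe. The script below is an added example, not taken from the original text; the baseline values are constructed for illustration, and the subcategory names assume an English-language system because AuditPol.exe localizes them.

```powershell
# Added example: compare the effective advanced audit policy with a desired
# baseline and correct any drift. Run from an elevated PowerShell prompt.

# Constructed baseline: subcategory name -> desired setting.
$baseline = @{
    'Logon'  = 'Success and Failure'
    'Logoff' = 'Success'
}

# /r produces CSV with the columns: Machine Name, Policy Target, Subcategory,
# Subcategory GUID, Inclusion Setting, Exclusion Setting.
$effective = auditpol.exe /get /category:* /r |
    Where-Object { $_ } |        # drop blank lines before parsing
    ConvertFrom-Csv

foreach ($name in $baseline.Keys) {
    $row = $effective | Where-Object { $_.Subcategory -eq $name }
    if (-not $row) {
        Write-Warning "Subcategory '$name' not found (localized name?)"
        continue
    }

    $current = $row.'Inclusion Setting'
    $wanted  = $baseline[$name]
    if ($current -eq $wanted) {
        Write-Output "OK     $name : $current"
        continue
    }

    # Translate the desired setting into the /success and /failure switches.
    $success = if ($wanted -match 'Success') { 'enable' } else { 'disable' }
    $failure = if ($wanted -match 'Failure') { 'enable' } else { 'disable' }

    Write-Output "DRIFT  $name : '$current' -> '$wanted'"
    auditpol.exe /set /subcategory:"$name" /success:$success /failure:$failure
}

# Show the resulting settings for the category used in the example above.
auditpol.exe /get /category:"Logon/Logoff"
```

A setting applied with `auditpol /set` is local to the machine; where a Group Policy object configures the same subcategory, the GPO value is reapplied at the next policy refresh.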