Re: What should be audited on a DC
From: Samantha (anonymous_at_discussions.microsoft.com)
Date: 05/13/04
- Previous message: Hanna: "Windows 2000 Updates"
- In reply to: Steven L Umbach: "Re: What should be audited on a DC"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 12 May 2004 20:26:05 -0700
Thank you Steven
----- Steven L Umbach wrote: -----
That depends on what you want to monitor and how much time you have to do
such. Generally for domain controllers you want to audit at least account
logon events for sucess and failure and probably system events, policy
change, and account management. If you audit everything then your logs fill
up very quickly with events that make it hard to see what you really need to
see and can impair performance on your computers. There may be other
categories you may want to audit on certain occassions [such as object
access/folder auditing] or for situations that require higher level of
security. Be sure to increase the size of your security logs quite a bit
from default and learn how to use the filter view and free tools like Event
Comb. The links below may be helpful. --- Steve
http://www.microsoft.com/technet/security/guidance/secmod144.mspx
http://www.microsoft.com/technet/Security/topics/hardsys/tcg/tcgch03.mspx
http://www.microsoft.com/technet/Security/prodtech/win2000/win2khg/05sconfg.mspx
"Samantha" <anonymous@discussions.microsoft.com> wrote in message
news:7DD9660A-92E6-4202-A994-83CCCC030F0D@microsoft.com...
> Hi All,
>> What audit policies should I configured to be view in event viewer on a
Domain Controller?
>> Many thanks
- Previous message: Hanna: "Windows 2000 Updates"
- In reply to: Steven L Umbach: "Re: What should be audited on a DC"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
