Re: Object Access Audit Policy for a Domain
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Thu, 31 Aug 2006 14:19:41 -0700
Either bad info in that book or it was misread.
Setting that policy and audit SACL(s) in a GPO linked to the
DCs OU will cause the DCs to cut audit events for accesses
made on the DCs to resources that are part of the DCs (that
meet the SACL criteria). That is all.
Setting the policy to audit object access in a GPO linked to
the domain will make that setting on all machines of the domain
to which it is applied. However, audit events are still controlled
by what SACLs say should be auditied (and most people do not
set SACLs using GPOs), and when the event messages are cut
to the log these are on the machine where triggered (where the
SACL'd resources are).
"Tom Glasser" <TomGlasser@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0920CC9F-28D3-405D-8EEA-0BE3DD6BA024@xxxxxxxxxxxxxxxx
I am trying to figure out how Audit policies work. I got an "object
access"
policy to work on a local server (call it Server 1). Specified changes in
a
certain folder would show up in the Security Event Log of that server.
But
then I tried to implement the policy on the Domain Controller for the
entire
domain. A book I have says the folder events (on Server 1) should then
show
up in the Security Event Log on the Domain Controller. But I am not
seeing
the expected events getting logged. Any thoughts ??
Thanks,
Tom
.
- Prev by Date: Re: Can someone please describe why impersonation requires the impersonator to be local admin?
- Next by Date: Re: ophcrack v2 :|
- Previous by thread: Re: Can someone please describe why impersonation requires the impersonator to be local admin?
- Next by thread: Re: Object Access Audit Policy for a Domain
- Index(es):
Relevant Pages
|
