Re: Auditing events for Security Monitoring
- From: "Anthony [MVP]" <anthony@xxxxxxxxxxxx>
- Date: Thu, 23 Jul 2009 20:54:09 +0100
Venkatesh,
You can achieve that by turning on Success and Failure auditing for all classes.
I think your problem will be rather how to analyse the data to make any sense of it,
Anthony,
http://www.airdesk.com
"Venkatesh" <Venkatesh@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:0B2D84C6-A0B7-4D5A-8A85-3EFE54A96E2E@xxxxxxxxxxxxxxxx
Hi there,.
In a Windows Server 2003, how can we monitor the following events:
* All actions taken by any individual with administrative privileges.
* Initialization of the audit logs.
* Creation and deletion of system-level objects e.g DLL and critical EXE
files.
* Service Account Authentication
Please let me know what needs to be turned-on in GPEdit.msc. Also, if you
can share the corresponding event ID numbers it would be great.
Thank,
- References:
- Auditing events for Security Monitoring
- From: Venkatesh
- Auditing events for Security Monitoring
- Prev by Date: Re: user "microsoft" in administratrs group
- Next by Date: restore a modified gpo xml file
- Previous by thread: Auditing events for Security Monitoring
- Next by thread: File / Registry auditing using Group Policy
- Index(es):
Relevant Pages
|
