Re: Auditing events for Security Monitoring



Venkatesh,
You can achieve that by turning on Success and Failure auditing for all classes.
I think your problem will be rather how to analyse the data to make any sense of it,
Anthony,
http://www.airdesk.com


"Venkatesh" <Venkatesh@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:0B2D84C6-A0B7-4D5A-8A85-3EFE54A96E2E@xxxxxxxxxxxxxxxx
Hi there,

In a Windows Server 2003, how can we monitor the following events:

* All actions taken by any individual with administrative privileges.
* Initialization of the audit logs.
* Creation and deletion of system-level objects e.g DLL and critical EXE
files.
* Service Account Authentication

Please let me know what needs to be turned-on in GPEdit.msc. Also, if you
can share the corresponding event ID numbers it would be great.

Thank,

.