Monitor User and Device Claims During Sign-in
Last updated: September 2012
Applies to: Windows 8, Windows Server 2012
This topic describes how to monitor the user and device claims associated with a user’s security token. User claims are attributes associated with a user, whereas device claims are associated with the system that is used to access resources protected with Dynamic Access Control. Both user claims and device claims are included in the user’s security token. Examples of claims include Department, Company, Project, and Security clearances.
The following procedure can be used to monitor changes to user claims and device claims.
Note: The following procedures assume that you have configured and deployed Dynamic Access Control, including central access policies, claims, and other components, in your network. If you have not yet deployed Dynamic Access Control in your network, see Deploy a Central Access Policy (Demonstration Steps).
1. Use domain administrator credentials to sign in to your domain controller.
2. In Server Manager, point to Tools, and then click Group Policy Management.
3. In the console tree, right-click the flexible access Group Policy Object, and then click Edit.
4. Double-click Computer Configuration, click Security Settings, expand Advanced Audit Policy Configuration, expand System Audit Policies, click Logon/Logoff, and then double-click Audit User/Device claims.
5. Select the Configure the following audit events check box, select the Success and, if desired, Failure check boxes, and then click OK.
6. Close the Group Policy Management Editor.
The following procedure illustrates how you can verify that changes to user claims and device claims are being monitored.
1. With local administrator credentials, sign in to a file server that is subject to the flexible access Group Policy.
2. Open an elevated command prompt, and run the following command:
3. From a client computer, connect to a file share on the file server as a user who has access permissions to the file server.
4. On the file server, open Event Viewer, expand Windows Logs, and select the Security log. Look for event 4626, and confirm that it contains information about user claims and device claims.
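The Event Viewer check in the last step can also be done from an elevated PowerShell prompt on the file server. The following is an added example, not part of the original topic. The function name Get-ClaimsAuditEvent is hypothetical, and the event data field names are assumed from the event 4626 schema, so confirm them against the XML view of an event on your system.

```powershell
# Added example (not from the original topic). Run elevated on the file server.
# Assumption: the EventData field names below follow the event 4626 schema;
# confirm them in the XML view of one of your own events.
function Get-ClaimsAuditEvent {
    param([int]$MaxEvents = 50)   # hypothetical default sample size

    # Get-WinEvent raises an error when nothing matches, so suppress it and
    # report the empty result explicitly instead.
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4626 } `
                           -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
    if (-not $events) {
        Write-Warning ('No 4626 events returned. Confirm the prompt is elevated, ' +
                       'the audit setting has applied, and a user has connected to a share.')
        return
    }

    foreach ($evt in $events) {
        # Flatten <Data Name="...">value</Data> elements into a lookup table.
        $data = @{}
        foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }

        [pscustomobject]@{
            TimeCreated     = $evt.TimeCreated
            User            = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            LogonType       = $data['LogonType']
            # Long claim sets can span several events; these two fields give "n/N".
            Part            = '{0}/{1}' -f $data['EventIdx'], $data['EventCountTotal']
            # A value of "-" (or nothing) means no claims of that kind were recorded.
            HasUserClaims   = [bool]($data['UserClaims']   -and $data['UserClaims']   -ne '-')
            HasDeviceClaims = [bool]($data['DeviceClaims'] -and $data['DeviceClaims'] -ne '-')
            UserClaims      = $data['UserClaims']
            DeviceClaims    = $data['DeviceClaims']
        }
    }
}

# Summary table first, then the full claim strings for each event.
$result = Get-ClaimsAuditEvent -MaxEvents 50
$result | Format-Table TimeCreated, User, LogonType, Part, HasUserClaims, HasDeviceClaims
$result | Format-List TimeCreated, User, UserClaims, DeviceClaims
```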