(0) exportieren Drucken
Alle erweitern

Monitor Claim Types

Letzte Aktualisierung: August 2012

Betrifft: Windows 8, Windows Server 2012

This topic describes how to monitor changes to claim types associated with Dynamic Access Control.

noteHinweis
The following procedures assume that you have configured and deployed Dynamic Access Control, including central access policies, claims, and other components, in your network. If you have not yet deployed Dynamic Access Control in your network, see Deploy a Central Access Policy (Demonstration Steps).

Claim types are one of the basic building blocks of Dynamic Access Control. Claim types can include attributes such as the departments in an organization or the levels of security clearance that apply to classes of users. You can use security auditing to track whether claims are added, modified, enabled, disabled, or deleted.

noteHinweis
The following procedures assume that you have configured and deployed Dynamic Access Control, including central access policies, claims, and other components, in your network. If you have not yet deployed Dynamic Access Control in your network, see Deploy a Central Access Policy (Demonstration Steps)

  1. Sign in to your domain controller with domain administrator permissions.

  2. In Server Manager, point to Tools, and then click Group Policy Management.

  3. In the console tree, right-click the default domain controller Group Policy Object, and then click Edit.

  4. Double-click Computer Configuration, click Security Settings, expand Advanced Audit Policy Configuration, expand System Audit Policies, click DS Access, and then double-click Audit directory service changes.

  5. Select the Configure the following audit events check box, select the Success and, if desired, Failure check boxes, and then click OK.

  1. Sign in to your domain controller with domain administrator permissions.

  2. Open the Active Directory Administrative Center.

  3. Under Dynamic Access Control, right-click Claim Types, and then click Properties.

  4. Click the Security tab, click Advanced to open the Advanced Security Settings dialog box, and then click the Auditing tab.

  5. Click Add, add a security auditing setting for the container, and then close all the Security properties dialog boxes.

  6. In the Claim Types container, add a new claim type or select an existing claim type. In the Tasks pane click Properties, and then change one or more attributes.

    Click OK, and then close the Active Directory Administrative Center.

  7. Open Event Viewer on this domain controller, expand Windows Logs, and select the Security log.

    Look for event 5137. Key information to look for includes the name of the new attribute that was added, the type of claim that was created, and the user who created the claim.

Fanden Sie dies hilfreich?
(1500 verbleibende Zeichen)
Vielen Dank für Ihr Feedback.

Community-Beiträge

Microsoft führt eine Onlineumfrage durch, um Ihre Meinung zur MSDN-Website zu erfahren. Wenn Sie sich zur Teilnahme entscheiden, wird Ihnen die Onlineumfrage angezeigt, sobald Sie die MSDN-Website verlassen.

Möchten Sie an der Umfrage teilnehmen?
Anzeigen:
© 2014 Microsoft