
Monitor Central Access Policy and Rule Definitions

Updated: August 2012

Applies To: Windows 8, Windows Server 2012

This topic describes how to monitor changes to central access policy and central access rule definitions. Central access policies and rules determine access permissions on multiple files on multiple file servers. Therefore, it is important to monitor changes to them. Like user claim and device claim definitions, central access policy and rule definitions reside in Active Directory Domain Services (AD DS), and they can be monitored just like any other object in Active Directory.

Note
The following procedures assume that you have configured and deployed Dynamic Access Control, including central access policies, claims, and other components, in your network. If you have not yet deployed Dynamic Access Control in your network, see Deploy a Central Access Policy (Demonstration Steps).

Central access policies (CAPs) and central access rules (CARs) are critical elements in a Dynamic Access Control deployment. CAPs and CARs are stored in AD DS, which means they should be less likely to be tampered with than other network objects. However, it may be important to monitor these objects for potential changes in security auditing and to verify that policies are being enforced.

  1. Sign in to your domain controller with domain administrator permissions.

  2. In Server Manager, point to Tools, and then click Group Policy Management.

  3. In the console tree, right-click the default domain controller Group Policy Object, and then click Edit.

  4. Double-click Computer Configuration, click Security Settings, expand Advanced Audit Policy Configuration, expand System Audit Policies, click DS Access, and then double-click Audit directory service changes.

  5. Select the Configure the following audit events check box, select the Success and, if desired, Failure check boxes, then click OK.

  6. Close the Group Policy Management Editor.

  7. Open the Active Directory Administrative Center.

  8. Under Dynamic Access Control, right-click Central Access Policies, and then select Properties.

  9. Click the Security tab, click Advanced to open the Advanced Security Settings dialog box, and then click the Auditing tab.

  10. Click Add, add a security auditing setting for the container, and then close all Security properties dialog boxes.

The following procedure describes how to verify that changes to CAP and CAR definitions are being monitored.

  1. Use domain administrator credentials to sign in to your domain controller.

  2. Open the Active Directory Administrative Center.

  3. Under Dynamic Access Control, right-click Central Access Policies, and then click Properties.

  4. Click the Security tab, click Advanced to open the Advanced Security Settings dialog box, and then click the Auditing tab.

  5. Click Add, add a security auditing setting for the container, and then close all Security properties dialog boxes.

  6. In the Central Access Policies container, add a new CAP or select one of your existing CAPs, click Properties in the Tasks pane, and then change one or more attributes.

  7. Click OK, and then close the Active Directory Administrative Center.

  8. In Server Manager, click Tools, and then click Event Viewer.

  9. Expand Windows Logs, and then click Security. Verify that event 4819 appears in the security log.
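The same checks can be scripted. The following PowerShell is an added example, not part of the original Microsoft topic. It assumes an elevated session on the domain controller, the ActiveDirectory module, an English-language system (the `auditpol` subcategory name is localized), and a one-hour lookback window chosen for illustration.

```powershell
# Added example: verify the auditing configured in the procedures above.
Import-Module ActiveDirectory

# 1. Effective audit setting for the subcategory enabled through Group Policy
#    ("Audit directory service changes"). Expect Success, or Success and Failure.
auditpol /get /subcategory:"Directory Service Changes"

# 2. Audit entries (SACL) on the Central Access Policies container.
#    The DN is built from the forest's configuration naming context.
$configNC = (Get-ADRootDSE).configurationNamingContext
$capDN    = "CN=Central Access Policies,CN=Claims Configuration,CN=Services,$configNC"
$acl      = Get-Acl -Path "AD:\$capDN" -Audit
$rules    = $acl.GetAuditRules($true, $true, [System.Security.Principal.NTAccount])

if ($rules.Count -eq 0) {
    Write-Warning "No auditing entries found on $capDN. Add one on the Auditing tab."
} else {
    $rules |
        Select-Object IdentityReference, AuditFlags, ActiveDirectoryRights, IsInherited |
        Format-Table -AutoSize
}

# 3. Event 4819 in the Security log after changing a CAP attribute.
$since = (Get-Date).AddHours(-1)   # assumed lookback window
try {
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4819; StartTime = $since } `
                 -ErrorAction Stop |
        Select-Object TimeCreated, Id, MachineName, Message |
        Format-List
} catch {
    # Get-WinEvent raises an error, rather than returning nothing, when no event matches.
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
        Write-Warning "No event 4819 since $since. Recheck the audit policy and the container's auditing entries."
    } else {
        throw
    }
}
```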
