Export (0) Print
Expand All
2 out of 2 rated this helpful - Rate this topic

Audit Policies

Applies To: Windows 7, Windows Server 2008 R2

Before you implement auditing, you must decide on an auditing policy. An auditing policy specifies categories of security-related events that you want to audit. When this version of Windows is first installed, all auditing categories are disabled. By enabling various auditing event categories, you can implement an auditing policy that suits the security needs of your organization.

The event categories that you can choose to audit are:

  • Audit account logon events

  • Audit account management

  • Audit directory service access

  • Audit logon events

  • Audit object access

  • Audit policy change

  • Audit privilege use

  • Audit process tracking

  • Audit system events

If you choose to audit access to objects as part of your audit policy, you must enable either the audit directory service access category (for auditing objects on a domain controller), or the audit object access category (for auditing objects on a member server or workstation). Once you have enabled the object access category, you can specify the types of access you want to audit for each group or user.

To enable auditing of local objects, you must be logged on as a member of the built-in Administrators group.

Additional references

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.