Help: Enable auditing of Windows Firewall events

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To enable auditing of Windows Firewall events

  1. Open the Group Policy Object Editor snap-in to edit the Group Policy object (GPO) that is used to manage Group Policy settings in your organization.

  2. Open Windows Settings, open Security Settings, open Local Policies, and then click Audit Policy.

  3. Double-click Audit process tracking, select the Success and Failure check boxes, and then click OK.

  4. Double-click Audit policy change, select the Success and Failure check boxes, and then click OK.

Notes

  • Windows Firewall is not included in the original release of the Windows Server 2003 operating systems.

  • You can determine when a system service listens on a port by enabling auditing and viewing security event log entries.

  • You must enable auditing for Windows Firewall events to appear in the security event log.

See Also

Concepts

Help: Windows Firewall overview
Help: View Windows Firewall events in Event Viewer