Security auditing is one of the most powerful tools to help maintain the security of your system. As part of your overall security strategy, you should determine the level of auditing appropriate for your environment. Auditing should identify attacks, either successful or not, that pose a threat to your network, or attacks against resources that you have determined to be valuable in your risk assessment.
Getting Started
-
Advanced Security Audit Policy Step-by-Step Guide
This step-by-step guide for Windows Server 2008 R2 and Windows 7 demonstrates the process of setting up an advanced audit policies infrastructure in a test environment. During this process, you will create an Active Directory domain, install Windows Server 2008 R2 on a member server, install Windows 7 on a client computer, and configure two advanced audit policies.
-
Which Versions of Windows Support Advanced Audit Policy Configuration?
This page provides information about the versions of Windows that support advanced audit policy configuration and special considerations that apply to various tasks associated with auditing enhancements.
Deployment
-
Planning and Deploying Advanced Security Audit Policies
This document explains the options that security policy planners must consider and the tasks they must complete to deploy an effective security audit policy in a network that includes computers running Windows 7 or Windows Server 2008 R2.
Technical Reference
-
Security Audit Policy Reference
This reference provides information about the auditing settings available in Windows Server 2008 R2 and Windows 7 and the audit events that they generate.
Installed Help
-
Auditpol
This page provides syntax and examples for using the Auditpol command-line tool, which can be used to display information about and performs functions to manipulate audit policies.
Additional Resources