Using Advanced Security Auditing Options to Monitor Dynamic Access Control Objects
Updated: July 3, 2013
Applies To: Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2
This guide explains the process of setting up advanced security auditing capabilities that are made possible through settings and events that were introduced in Windows 8 and Windows Server 2012.
These procedures can be deployed with the advanced security auditing capabilities described in the following documents:
Advanced Security Auditing Walkthrough
Deploy Security Auditing with Central Audit Policies (Demonstration Steps)
|These auditing policies use the settings and events that were introduced in Windows 8 and Windows Server 2012. The contents of this guide apply to the list of supported Windows operating systems designated in the Applies To list at the beginning of this topic.|
Domain administrators can create and deploy expression-based security audit policies by using file classification information (resource attributes), user claims, and device claims to target specific users and resources to monitor potentially significant activities on one or more computers. These policies can be deployed centrally by using Group Policy, or directly on a computer, in a folder, or in individual files.
The procedures in this document describe how to:
Monitor the Central Access Policies that Apply on a File Server
Monitor the Central Access Policies Associated with Files and Folders
Monitor the Resource Attributes on Files and Folders
Monitor Claim Types
Monitor User and Device Claims During Sign-in
Monitor Central Access Policy and Rule Definitions
Monitor Resource Attribute Definitions
Monitor the Use of Removable Storage Devices
Important This procedure can be configured on computers running any of the supported Windows operating systems. The other monitoring procedures can be configured only as part of a functioning dynamic access control deployment. If you have not yet deployed dynamic access control in your network, see Deploy a Central Access Policy (Demonstration Steps).