
Monitor Resource Attribute Definitions

Updated: September 2012

Applies to: Windows 8, Windows Server 2012

This topic describes how to monitor changes to resource attribute definitions. Resource attribute definitions define the basic properties of resource attributes, such as what it means for a resource to be defined as “high business value.” Changes to these definitions could significantly change the protections that govern a resource, even if the resource attributes that apply to the resource remain unchanged.

For information about monitoring changes to the resource attributes that apply to files, see Monitor the Resource Attributes on Files and Folders.

The following procedures assume that you have configured and deployed Dynamic Access Control, including central access policies, claims, and other components, in your network. If you have not yet deployed Dynamic Access Control in your network, see Deploy a Central Access Policy (Demonstration Steps).

Resource attributes are critical elements of a Dynamic Access Control deployment. Like user and device claim definitions, resource attribute definitions are stored in AD DS under the Resource Properties container. Changes to resource attribute definitions can be monitored just like changes to any other AD DS object.

  1. Sign in to your domain controller with domain administrator permissions.

  2. In Server Manager, point to Tools, and then click Group Policy Management.

  3. In the console tree, right-click the default domain controller Group Policy Object, and then click Edit.

  4. Double-click Computer Configuration, click Security Settings, expand Advanced Audit Policy Configuration, expand System Audit Policies, click DS Access, and then double-click Audit directory service changes.

  5. Select the Configure the following audit events check box, select the Success and, if desired, Failure check boxes, and then click OK.

  6. Close the Group Policy Management Editor.

  7. Open the Active Directory Administrative Center.

  8. Under Dynamic Access Control, right-click Resource Properties, and then click Properties.

  9. Click the Security tab, click Advanced to open the Advanced Security Settings dialog box, and then click the Auditing tab.

  10. Click Add, add a security auditing setting for the container, and then close all Security properties dialog boxes.

The following procedure describes how to verify that changes to resource attribute definitions are being monitored.

  1. Use domain administrator credentials to sign in to your domain controller.

  2. Open the Active Directory Administrative Center.

  3. Under Dynamic Access Control, click Resource Properties, and then double-click a resource attribute.

  4. Make changes to this resource attribute.

  5. Click OK, and then close the Active Directory Administrative Center.

  6. In Server Manager, click Tools, and then click Event Viewer.

  7. Expand Windows Logs, and then click Security. Verify that event 5137 appears in the security log.
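The checks from both procedures can also be scripted. The following PowerShell is an added example, not part of the original topic: it assumes the ActiveDirectory module is available on the domain controller, an English-language system (for the auditpol subcategory name), and a 24-hour look-back window. Besides event 5137 named above, it also collects event 5136 (a directory service object was modified), which the same audit subcategory logs.

```powershell
# Added example: verify the auditing set up in the procedures above.
# Run in an elevated PowerShell session on a domain controller.
Import-Module ActiveDirectory

# Resource Properties container in the configuration partition of the forest.
$configNC  = (Get-ADRootDSE).configurationNamingContext
$container = "CN=Resource Properties,CN=Claims Configuration,CN=Services,$configNC"

# 1. Effective audit policy for the subcategory enabled through Group Policy.
#    (Subcategory name as shown on English-language systems.)
auditpol /get /subcategory:"Directory Service Changes"

# 2. Auditing entries (SACL) added on the container in the Auditing tab.
$sacl = (Get-Acl -Path "AD:\$container" -Audit).Audit
if (-not $sacl) {
    Write-Warning "No auditing entries on $container; changes will not be logged."
} else {
    $sacl | Select-Object IdentityReference, ActiveDirectoryRights, AuditFlags, InheritanceType
}

# 3. Directory service change events from the last 24 hours (assumed window).
#    5137 is the event named in the procedure; 5136 is added here.
$filter = @{ LogName = 'Security'; Id = 5136, 5137; StartTime = (Get-Date).AddDays(-1) }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$changes = foreach ($e in $events) {
    # Flatten the named <Data> fields of the event into a hashtable.
    $data = @{}
    ([xml]$e.ToXml()).Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }

    # Keep only objects that live under the Resource Properties container.
    if ($data['ObjectDN'] -like "*$container") {
        [pscustomobject]@{
            Time      = $e.TimeCreated
            EventId   = $e.Id
            User      = "$($data['SubjectDomainName'])\$($data['SubjectUserName'])"
            ObjectDN  = $data['ObjectDN']
            Attribute = $data['AttributeLDAPDisplayName']   # present on 5136 only
        }
    }
}

if (-not $changes) {
    Write-Warning "No 5136/5137 events found for $container in the last 24 hours."
}
$changes | Sort-Object Time | Format-Table -AutoSize
```

An empty result after a test change points to either the audit policy not having been applied to the domain controller yet or a missing auditing entry on the container.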
