Exportieren (0) Drucken
Alle erweitern

Monitor the Central Access Policies that Apply on a File Server

Letzte Aktualisierung: August 2012

Betrifft: Windows 8, Windows Server 2012

This topic describes how to monitor changes to the central access policies that apply to a file server. Central access policies are created on a domain controller and then applied to file servers through Group Policy.

The following procedure describes how to configure security auditing to monitor changes to the set of central access policies on a file server.

The following procedures assume that you have configured and deployed Dynamic Access Control, including central access policies, claims, and other components, in your network. If you have not yet deployed Dynamic Access Control in your network, see Deploy a Central Access Policy (Demonstration Steps).

  1. Sign in to your domain controller with domain administrator credentials.

  2. In Server Manager, point to Tools, and then click Group Policy Management.

  3. In the console tree, right-click the flexible access Group Policy Object, and then click Edit.

  4. Double-click Computer Configuration, double-click Security Settings, double-click Advanced Audit Policy Configuration, double-click Policy Change, and then double-click Other Policy Change Events.

    This policy setting monitors policy changes that might not be captured otherwise, such as central access policy changes or trusted platform module configuration changes.

  5. Select the Configure the following audit events check box, select the Success and, if desired, the Failure check boxes, then click OK.

To verify that changes to the set of central access policies are being audited, you must modify the set on the domain controller, verify that the changes have been applied to the file server, and verify that the proper events are logged.

  1. Using domain administrator credentials, sign in to your domain controller.

  2. Open the Group Policy Management Console.

  3. Right-click the Default domain policy node, and then select Edit.

  4. Double-click Computer Configuration, double-click Policies, and then double-click Windows Settings.

  5. Double-click Security Settings, right-click File system, and then click Manage CAPs.

  6. In the wizard that opens, follow the instructions to add a new CAP, and then click OK.

  7. Using local administrator credentials, sign in to the server that hosts resources that are subject to the central access policy you changed.

  8. Press the Windows key+R, then type cmd to open a Command Prompt window.

    If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.

  9. Type gpupdate /force, and press ENTER.

  10. In Server Manager, click Tools, and then click Event Viewer.

  11. Expand Windows Logs, and then click Security. Verify that event 4819 appears in the security log.

Fanden Sie dies hilfreich?
(1500 verbleibende Zeichen)
Vielen Dank für Ihr Feedback.


© 2015 Microsoft