Enable Auditing of Windows Firewall Events

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Use this procedure when you want to enable auditing so that Windows Firewall events are written to the security log. This is useful for troubleshooting Windows Firewall problems or when you are configuring Windows Firewall for the first time and you want to monitor Windows Firewall behavior.

Administrative Credentials

To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure.

Special Considerations

No special considerations are required to perform this procedure.

To enable auditing of Windows Firewall events

This procedure can be performed using Group Policy.

Using Group Policy

To enable auditing of Windows Firewall events

  1. Open the Group Policy Object Editor snap-in to edit the Group Policy object (GPO) that is used to manage Group Policy settings in your organization.

  2. Open Computer Configuration, open Windows Settings, open Security Settings, open Local Policies, and then click Audit Policy.

  3. Double-click Audit process tracking, select the Success and Failure check boxes, and then click OK.

  4. Double-click Audit policy change, select the Success and Failure check boxes, and then click OK.

If a Windows Firewall setting appears dimmed in the graphical user interface, and on the General tab, you see For your security, some settings are controlled by Group Policy, the setting might be managed by Group Policy. If all Windows Firewall settings appear dimmed, and on the General tab, you see You must be a computer administrator to change these settings, you do not have administrative rights to configure Windows Firewall.

Notes

  • To start Windows Firewall, click Start, point to Control Panel, and then click Windows Firewall.

  • Windows Firewall is not included in the original release of the Windows Server 2003 operating systems.

See Also

Concepts

Using the Security Log
Known Issues for Using the Security Log
View Windows Firewall Events in Event Viewer