Auditing Printing Events
Auditing is a means of tracking a printer's usage. It's possible to specify which groups or users and which actions to audit for a particular printer, as well as audit both successful and failed actions. Windows 2000 stores the data that is generated from auditing a file, which can be viewed and published in various formats using Event Viewer.
To change audit entries, you use the Audit Entry for printer_name page of the Printer Properties dialog box (Figure 4.16).
Figure 4.16 Example of an Audit Entry Page
To add, remove, view, or edit audit entries for a printer
In the Properties dialog box for the printer, click the Security tab, and then click Advanced .
Click the Auditing tab.
If the tab is not visible, this means you do not have administrator permissions (Manage Printers, Manage Documents) for the server and you cannot continue.Use the Add and Remove buttons to specify user names and/or groups to be audited, or the View/Edit button to change settings.
The Add and View/Edit buttons take you to the Audit Entry for printer_name page as shown in Figure 4.16.On the Audit Entry page, under Apply onto , specify whether the auditing should be done by printer, by document, or both.
Under Access , select check boxes as appropriate to tailor the auditing for the users or groups appearing in the Name box:
Successful means "Audit all successful attempts to perform this action."
Failed means "Audit all failed attempts to perform this action."
Print , Manage Printers , and Manage Documents are the printing permissions. Read Permissions , Change Permissions , and Take Ownership are permissions to control permissions. Table 4.4 shows the associated events that are audited by selecting each permission.
To configure another user or group for auditing, click Choose Account .
When finished, click OK to save all your settings.
.gif "note-icon")
Note
Most printers should not be audited: the Event Log service would fill up with useless information. It is best to limit auditing to select, high-security printers.
Table 4.4 Audit Events Matrix for Printers
Event |
Manage Documents |
Manage Printers |
Read Permissions |
Change Permissions |
Take Ownership |
|
|---|---|---|---|---|---|---|
Printing documents |
Audited |
Not audited |
Not audited |
Not audited |
Not audited |
Not audited |
Changing document printing preferences |
Audited |
Not audited |
Not audited |
Not audited |
Not audited |
Not audited |
Changing document job properties |
Not audited |
Audited |
Not audited |
Not audited |
Not audited |
Not audited |
Pausing, restarting, moving, and deleting documents |
Not audited |
Audited |
Not audited |
Not audited |
Not audited |
Not audited |
Changing document printing defaults |
Not audited |
Audited |
Audited |
Not audited |
Not audited |
Not audited |
Creating a printer share |
Not audited |
Not audited |
Audited |
Not audited |
Not audited |
Not audited |
Changing printer properties |
Not audited |
Not audited |
Audited |
Not audited |
Not audited |
Not audited |
Deleting a printer |
Not audited |
Not audited |
Audited |
Not audited |
Not audited |
Not audited |
Reading printer permissions |
Not audited |
Not audited |
Not audited |
Audited |
Not audited |
Not audited |
Changing printer permissions |
Not audited |
Not audited |
Not audited |
Not audited |
Audited |
Not audited |
Taking ownership |
Not audited |
Not audited |
Not audited |
Not audited |
Not audited |
Audited |
.gif "important-icon")
Important
For this procedure to work, the Audit Object Access option in Group Policy must be set to audit successful attempts, failed attempts, or both. To access this option, click Computer Configuration , Windows Settings , Security Settings , Local Policies , and then click Audit Policy .