Share via


Setting Up CA Auditing

Applies To: Windows Server 2003 with SP1

CA auditing depends on system object access auditing to be enabled. Therefore, to set up CA auditing for a system, a system administrator will have to

  1. Enable Object Access Auditing on the system.

  2. Enable auditing for the CA by selecting which group of events to audit in the MMC snap-in.

The following sections describe these steps in detail.

Enabling Object Access Auditing

When the CA Is on a Domain Controller

To enable object access auditing when the CA is on a Domain Controller (DC)

  1. Select Start > Programs > Administrative Tools > Domain Controller Security Policy.

  2. Expand Default Domain Controllers Security.

  3. Expand Computer Configuration.

  4. Expand Windows Settings.

  5. Expand Security Settings.

  6. Expand Local Policies.

  7. Select Audit Policy.

  8. Right-click Audit object access and select Properties.

  9. Check Define these policy settings.

  10. Check Success and Failure under Audit these attempts.

  11. Click OK.

When the CA Is on a Member or a Workgroup Server

To enable object access auditing when the CA is on a member or a workgroup server

  1. Select Start > Programs > Administrative Tools > Local Security Policy.

  2. Expand Local Policies.

  3. Select Audit Policy.

  4. Right-click Audit object access and select Properties.

  5. Check Success and Failure under Audit these attempts.

  6. Click OK.

Enabling Auditing on the CA

To enable auditing of the CA

  1. Open the MMC snap-in.

  2. Right-click the CA and select Properties.

  3. Click the Audit tab.

  4. Check which groups of CA operations to audit.

  5. Click OK.