Implementing an Audit Policy

Audit policies allow you to track user activities and system-wide events in the security log in the Event Viewer console. In this lesson, you learn how to plan and set up an audit policy.
2. In the details pane, right-click the event category you want to audit, and then click Properties.
3. In the Properties dialog box for the event category, shown in Figure 13-10, click one or both of the following:
Success, to audit successful attempts for the event category
Failure, to audit failed attempts for the event category
4. Click OK.
5. Because the changes that you make to your computer's audit policy take effect only when the policy is propagated (applied) to your computer, do one of the following to initiate policy propagation:
Type gpupdate at the command prompt, and then press Enter.
Restart your computer.
Wait for automatic policy propagation. By default, setting changes are applied every 90 minutes on a workstation or server (with a 30-minute random offset) and every five minutes on a domain controller. Settings automatically refresh every 16 hours, regardless of any changes that are made.
Security auditing for workstations, member servers, and domain controllers can be enabled remotely only by members of the Domain Administrators and Enterprise Administrators groups.
5. In the Apply Onto list, specify where objects are audited. By default, this box is set to This Object And All Child Objects, so any auditing changes that you make to a parent object also apply to all child objects. Where objects are audited depends on the selection in the Apply Onto list and whether the Apply These Auditing Entries To Objects And/Or Containers Within This Container Only box is selected. These two features are enabled only for objects that act as containers.
6. Click OK to return to the Advanced Security Settings For dialog box for the object.
7. To prevent changes that are made to a parent folder from applying to the currently selected file or folder, clear the Allow Inheritable Auditing Entries From Parent To Propagate To This Object check box. If the check boxes in the Access box are shaded in the Auditing Entry For dialog box for the object, or if the Remove button is unavailable in the Advanced Security Settings For dialog box for the object, auditing has been inherited from the parent folder.
Click OK.
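The Apply Onto scope and the inheritance check box from the steps above map to flags on the folder's auditing entries, which can be set and verified from PowerShell. This is an added example, not part of the original lesson; the folder C:\AuditDemo, the Everyone principal and the audited rights are constructed values, and it assumes an elevated session on a system with PowerShell installed.

```powershell
# Added example. Reading or writing auditing entries (the SACL) requires an
# elevated session. Events are logged only if object access auditing is also
# enabled in the audit policy.
$path = 'C:\AuditDemo'   # hypothetical folder, constructed for this example
New-Item -ItemType Directory -Path $path -Force | Out-Null

# -Audit includes the auditing entries in the returned security descriptor.
$acl = Get-Acl -Path $path -Audit

# Apply Onto = this object and all child objects:
#   ContainerInherit + ObjectInherit, with PropagationFlags None.
# Selecting "within this container only" corresponds to NoPropagateInherit.
$rights    = [System.Security.AccessControl.FileSystemRights]'Write, Delete'
$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$audit     = [System.Security.AccessControl.AuditFlags]'Success, Failure'

$rule = New-Object System.Security.AccessControl.FileSystemAuditRule `
    -ArgumentList @('Everyone', $rights, $inherit, $propagate, $audit)
$acl.AddAuditRule($rule)

# Equivalent of clearing the "Allow Inheritable Auditing Entries From Parent"
# check box: protect the SACL ($true) and drop inherited copies ($false).
$acl.SetAuditRuleProtection($true, $false)
Set-Acl -Path $path -AclObject $acl

# Verify: IsInherited = True marks entries that come from the parent folder
# (the ones the dialog box shows as shaded).
(Get-Acl -Path $path -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags,
                 IsInherited, InheritanceFlags, PropagationFlags -AutoSize
```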
