| AuditingNotes | 
being paranoid and creates huge overhead on your system (your security log will be full in no time). Instead, be selective in what you audit, focusing on auditing failures for security tracking and on successes for resource access. Also, don't configure auditing on every computer in your network. Each computer has its own specific roles, resources, and vulnerabilities. You don't want to spend all your nights and weekends reviewing security logs!

If you're going to audit successes for tracking resource usage, you should probably archive your logs regularly. This saves disk space. Also, remember that auditing is of no use if you don't regularly check your security logs for problems. Schedule a time when you can do this or it won't get done!

Before configuring an audit policy, check the settings for the security log in Event Viewer, and check the available space on your disk to make sure that old log events aren't overwritten unexpectedly.

Audit access by the Everyone group if you are concerned about unauthorized users attempting to access file and print resources or Active Directory objects.
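
The pre-flight check described above (security log settings and free disk space), written as a PowerShell script. This is an added example, not part of the original text; it assumes an elevated prompt on a system that has Get-WinEvent and Get-CimInstance, and the two thresholds are arbitrary assumptions.

```powershell
# Added example: inspect the Security log before enabling an audit policy.
# Assumed thresholds (not from the text); tune them for your environment.
$warnFillPercent = 80   # warn when the log file is this full
$minFreeMultiple = 4    # want free disk space >= 4x the log's maximum size

$log   = Get-WinEvent -ListLog Security
$path  = [Environment]::ExpandEnvironmentVariables($log.LogFilePath)
$drive = Split-Path -Path $path -Qualifier            # e.g. "C:"
$disk  = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$drive'"

# How far back the log currently reaches (the oldest event still present).
$oldest   = Get-WinEvent -LogName Security -Oldest -MaxEvents 1
$daysKept = [math]::Round(((Get-Date) - $oldest.TimeCreated).TotalDays, 1)
$fill     = [math]::Round(100 * $log.FileSize / $log.MaximumSizeInBytes, 1)

[pscustomobject]@{
    LogFile     = $path
    LogMode     = $log.LogMode
    MaxSizeMB   = [math]::Round($log.MaximumSizeInBytes / 1MB, 1)
    CurrentMB   = [math]::Round($log.FileSize / 1MB, 1)
    FillPercent = $fill
    Records     = $log.RecordCount
    DaysKept    = $daysKept
    DiskFreeMB  = [math]::Round($disk.FreeSpace / 1MB)
} | Format-List

# Explain what happens when the log fills up under the current mode.
switch ($log.LogMode.ToString()) {
    'Circular'   { Write-Warning "Oldest events are overwritten when the log is full (currently keeps about $daysKept days)." }
    'Retain'     { Write-Warning 'Events are not overwritten; the log must be cleared manually once it is full.' }
    'AutoBackup' { Write-Output  'The log is archived automatically when full; the archives consume disk space.' }
}

if ($fill -ge $warnFillPercent) {
    Write-Warning "Security log is $fill% full; archive it or raise the maximum size before adding audit categories."
}
if ($disk.FreeSpace -lt $minFreeMultiple * $log.MaximumSizeInBytes) {
    Write-Warning "Drive $drive has less than $minFreeMultiple x the log's maximum size free."
}
```

Running it before and a few days after enabling a new audit category shows how quickly DaysKept shrinks, which is a practical measure of whether the audit selection is too broad.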
Permission to Audit
To configure an audit policy, you must either be a member of the Administrators group or be granted the "Manage auditing and security log" right in Group Policy.
Multiple Audit Policies
Domain-level audit policies override locally configured ones. See Group Policy later in this chapter for how different levels of policies combine.
See Also
Event Logs, Group Policy