Microsoft Windows 2000 Professional [Electronic resources]

Rick Wallace


Lesson 1: Understanding Auditing

Auditing allows you to track both user activities and Windows 2000 activities, which are called events, on a computer. Through auditing, you can specify that Windows 2000 writes a record of an event to the security log. The security log maintains a record of valid and invalid logon attempts and events related to creating, opening, or deleting files or other objects. An audit entry in the security log contains the following information:

The action that was performed

The user who performed the action

The success or failure of the event and when the event occurred

After this lesson, you will be able to

Describe the purpose of auditing.

Estimated lesson time: 5 minutes

Using an Audit Policy

An audit policy defines the types of security events that Windows 2000 records in the security log on each computer. The security log allows you to track the events that you specify.

Windows 2000 writes events to the security log on the computer where the event occurs. For example, any time someone tries to log on and the logon attempt fails, Windows 2000 writes an event to the security log on the computer.

You can set up an audit policy for a computer to do the following:

Track the success and failure of events, such as logon attempts by users, an attempt by a particular user to read a specific file, changes to a user account or to group memberships, and changes to your security settings.

Eliminate or minimize the risk of unauthorized use of resources.

Using Event Viewer to View Security Logs

You use Event Viewer to view events that Windows 2000 has recorded in the security log. You can also archive log files to track trends over time—for example, to determine the use of printers or files or to verify attempts at unauthorized use of resources.
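As an added example (not part of the original lesson), the following Python sketch shows how an archived security log can be summarized to spot failed-access trends per user and per day. It assumes the log was saved as comma-delimited text with the column order shown in COLUMNS; the sample rows, computer name, user names and event numbers are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Assumed column order for a comma-delimited archive of the security log.
COLUMNS = ("date", "time", "source", "type", "category", "event", "user", "computer")

# Constructed sample rows (not real log data); one line is deliberately truncated.
SAMPLE_ARCHIVE = """\
3/12/2001,8:58:03 AM,Security,Success Audit,Logon/Logoff,528,PRO1\\user1,PRO1
3/12/2001,9:14:40 AM,Security,Failure Audit,Object Access,560,PRO1\\user2,PRO1
3/12/2001,9:14:52 AM,Security,Failure Audit,Object Access,560,PRO1\\user2,PRO1
3/13/2001,7:31:09 PM,Security,Failure Audit,Object Access,560,PRO1\\user2,PRO1
truncated line
3/14/2001,10:02:27 AM,Security,Failure Audit,Object Access,560,PRO1\\user3,PRO1
"""


def parse_archive(text):
    """Return one dict per well-formed audit entry; skip short or blank rows."""
    entries = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) < len(COLUMNS):
            continue  # damaged or partial line in the archive
        entries.append(dict(zip(COLUMNS, (cell.strip() for cell in row))))
    return entries


def failures_by_user(entries):
    """Count Failure Audit entries per (user, category)."""
    return Counter((e["user"], e["category"]) for e in entries
                   if e["type"] == "Failure Audit")


def failures_per_day(entries):
    """Count Failure Audit entries per date, for tracking trends over time."""
    return Counter(e["date"] for e in entries if e["type"] == "Failure Audit")


def users_over_threshold(entries, threshold):
    """Users whose total failure audits reach the threshold, sorted by name."""
    totals = Counter(e["user"] for e in entries if e["type"] == "Failure Audit")
    return sorted(u for u, n in totals.items() if n >= threshold)


if __name__ == "__main__":
    log = parse_archive(SAMPLE_ARCHIVE)
    print(failures_per_day(log), users_over_threshold(log, threshold=3))
```

Each parsed entry carries the three items the lesson lists for an audit entry: the action (category and event), the user, and the success or failure together with the date and time.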

Lesson Summary

In this lesson, you learned about Windows 2000 auditing, which helps you ensure that your network is secure by tracking user activities and systemwide events. Auditing allows you to have Windows 2000 write a record of these events to the security log. To specify which events to record, you set up an audit policy. You use Event Viewer to view the security log. Each audit entry in the security log contains the action that was performed, the user who performed the action, and the success or failure of the action. You can also archive log files to track trends over time.