audit policy

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi guys,

Im reading a microsoft press book, im a bit stuck on the section about audit policy, I understand what it is and how it works but what I cant figure out (what the book doesnt say) is how to set it up, to record and view events, i want to test failed logon attempts, I figured out object access

thanks

Danny

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

+firstly, you have enable auditing either by using ad or the lgpo (gpedit.msc), drill down to computer config\windows settings\security settings\local policies\audit policy. enable what you want to do there.

then goto the folder or resource you want to audit and then goto the security settings\advanced and choose the audit tab and add the auditing options in there.

logon events though should be audited just bgy doing the first bit and will appear in the security event viewer.

 

Thankyou so much

Why doesn't the book tell me this, oh well, now I know

Danny