Книга: Windows Server 2012 R2 Storage, Security, & Networking Pocket Consultant
Auditing the registry
Auditing the registry
If you configure a GPO to enable the Audit Object Access option, you can set the level of auditing for keys within the registry. This enables you to track when key values are set, when subkeys are created, and when keys are deleted.
You can configure registry auditing by following these steps:
1. Open the Registry Editor. At a command prompt, enter regedit; or enter regedit in the Everywhere search box, and then press Enter.
2. Browse to a key you want to audit. On the Edit menu, select Permissions.
3. In the Permissions dialog box, tap or click Advanced. In the Advanced Security Settings dialog box, tap or click the Auditing tab.
4. Tap or click Add to display the Auditing Entry dialog box. Tap or click Select A Principal to display the Select User, Computer, Service Account, Or Group dialog box.
5. In the Select User, Computer, Service Account, Or Group dialog box, enter Everyone, tap or click Check Names, and then tap or click OK.
6. In the Auditing Entry dialog box, only basic permissions are listed by default. Tap or click Show Advanced Permissions to display the special permissions.
7. Use the Applies To list to specify how the auditing entry is to be applied.
8. Use the Type list to specify whether you are configuring auditing for success, failure, or both, and then specify which actions should be audited. Typically, you’ll want to track the following advanced permissions:
? Set Value — Successful and Failed
? Create Subkey — Successful and Failed
? Delete — Successful and Failed
9. Tap or click OK three times to close all open dialog boxes and apply the auditing settings.
- 4.4.4 The Dispatcher
- About the author
- Chapter 7. The state machine
- Appendix E. Other resources and links
- Example NAT machine in theory
- The final stage of our NAT machine
- Compiling the user-land applications
- The conntrack entries
- Untracked connections and the raw table
- Basics of the iptables command
- Other debugging tools
- Setting up user specified chains in the filter table