Книга: Windows Server 2012 R2 Storage, Security, & Networking Pocket Consultant

Auditing Active Directory objects

Auditing Active Directory objects

If you configure a GPO to enable the Audit Directory Service Access option, you can set the level of auditing for Active Directory objects so that you can control precisely how object usage is tracked.

To configure object auditing, follow these steps:

1. In Active Directory Users And Computers, ensure that Advanced Features is selected on the View menu, and then access the container for the object.

2. Double-tap or double-click the object to be audited to open the related Properties dialog box.

3. Tap or click the Security tab, and then tap or click Advanced.

4. In the Advanced Settings dialog box, tap or click the Auditing tab. The Auditing Entries list shows the users, groups, or computers whose actions you are auditing currently (if any). To remove an account, select the account in the Auditing Entries list, and then tap or click Remove.

5. To add specific accounts, tap or click Add to display the Auditing Entry dialog box. Tap or click Select A Principal to display the Select User, Computer, Service Account, Or Group dialog box.

6. Enter the name of a user, computer, or group in the current domain, and then tap or click Check Names. If a single match is found, the dialog box is automatically updated and the entry is underlined; otherwise, you’ll get an additional dialog box. If no matches are found, you either entered the name incorrectly or you’re working with an incorrect location. Modify the name in the Name Not Found dialog box and try again, or tap or click Locations to select a new location. When multiple matches are found, in the Multiple Names Found dialog box, select the name you want to use, and then tap or click OK.

7. Tap or click OK to return to the Auditing Entry dialog box. Use the Applies To list to specify how the auditing entry is to be applied.

8. Use the Type list to specify whether you are configuring auditing for success, failure, or both, and then specify which actions should be audited. Success logs successful events, such as a successful attempt to modify an object’s permissions. Failed logs failed events, such as a failed attempt to modify an object’s owner.

9. Tap or click OK. Repeat this process to audit other users, groups, or computers.

Оглавление книги

Генерация: 0.581. Запросов К БД/Cache: 3 / 1
Вверх Вниз