UEU-co logo

ch11lev1sec6.html


Previous Page Next Page

Enabling the Auditing Policy

For an individual policy to take effect in a GPO, you must enable and configure that policy (as discussed at the end of the last section). The policies that you enable in a GPO and how you apply that GPO to a domain or other Active Directory container depend on your overall plan for controlling the network environment for your users and computers. Some networks require very tight control using Group Policy, whereas others do not require the same intensity (and amount of work for the network administrator) in relation to the Group Policy configuration.

Whether or not you totally buy into the controls provided by Group Policy, a useful ability for any network administrator is the ability to audit events on your domain controllers, such as successful or unsuccessful logons. So, it makes sense to take a look at how you enable the audit policy in a GPO. (This also enables you to walk through the process of configuring another policy in a GPO—the more you enable and configure, the more it makes sense.)

Let’s say that you want to enable certain aspects of the Audit policy at the domain level. You would follow these steps:

1. Open the Group Policy Management snap-in (Start, Administrative Tools, Group Policy Management).

2. In the snap-in tree, locate the GPO that you want to edit (such as the default domain policy or a GPO that you’ve created to practice with).

3. Right-click the GPO and select Edit from the shortcut menu. The Group Policy Object Editor opens, with the GPO that you selected open in the snap-in.

4. Expand the Computer Configuration node and the Windows Settings node. Expand the Security Settings node and then the Local Policies node. The various local policies should appear in the Details pane, as shown in Figure 11.12.

Figure 11.12. Local security settings include policies for auditing object access and account logon events.

[View full size image]

5. To enable and configure an audit policy such as the Audit Account Logon events policy, double-click the policy in the Details pane. The Properties dialog box for the policy opens.

6. In the case of the Audit Account Logon Events policy (see Figure 11.12), click the Define These Policy Settings check box. To audit both successful and failed logon attempts, select both the Success and Failure check boxes.

Figure 11.13. You can enable policies that allow logon events to be logged.

7. To close the Properties dialog box, click OK.

Now account logon events (such as a failed logon) will be logged in the security log of the Event Viewer. You can enable and configure other Audit policies as needed.

Previous Page Next Page

Leave a Reply


Time limit is exhausted. Please reload the CAPTCHA.

Categories

apply_now Pepperstone Group Limited