|
Posted by karl levinson, mvp on July 13, 2006, 8:04 am
If you were Registered and logged in, you could reply and use other advanced thread options
> i found that for a secure system u should be auditing ur system
> events??
> i don c how such a thing adds a level of security??
>
> so i decided to audit my system events and logons using the gpedit.msc,
> but i was wondering where r the auditing files stored, where can i view
> the events previously auditted??
> and how can i benefit from it
Auditing lets you control and see what is happening on your system. One day
you will want to know what some user has been doing, or whether your system
has been hacked. Log files such as auditing logs are your friend here. If
you don't configure this before you have this question, that information is
unavailable to you. You don't have to enable auditing if you don't want,
but most people do consider auditing to be necessary on systems where
security is important.
Windows auditing is logged to the Windows Security Event Log. Be careful
not to enable too much auditing. Note that there are a variety of different
kinds of auditing, such as logon auditing and NTFS file access auditing. To
enable file access auditing is a two step process: turn on the auditing in
group policy, and then set the auditing properties on each file and folder
that you wish to audit. More info is at:
http://securityadmin.info/faq.asp?auditing
Recommendations for what levels of auditing to enable are in the Windows
Security Guide for your version of Windows, which can be found at
www.microsoft.com/technet/security
--
kind regards,
Karl Levinson, CISSP, CCSA, MCSE [MS MVP]
--------------------------------
Microsoft Security FAQ:
http://securityadmin.info
| 
XML site map