What should be audited on a DC

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi All

What audit policies should I configured to be view in event viewer on a Domain Controller

Many thanks
 
That depends on what you want to monitor and how much time you have to do
such. Generally for domain controllers you want to audit at least account
logon events for sucess and failure and probably system events, policy
change, and account management. If you audit everything then your logs fill
up very quickly with events that make it hard to see what you really need to
see and can impair performance on your computers. There may be other
categories you may want to audit on certain occassions [such as object
access/folder auditing] or for situations that require higher level of
security. Be sure to increase the size of your security logs quite a bit
from default and learn how to use the filter view and free tools like Event
Comb. The links below may be helpful. --- Steve

http://www.microsoft.com/technet/security/guidance/secmod144.mspx
http://www.microsoft.com/technet/Security/topics/hardsys/tcg/tcgch03.mspx
http://www.microsoft.com/technet/Security/prodtech/win2000/win2khg/05sconfg.mspx
 
Thank you Steve

----- Steven L Umbach wrote: ----

That depends on what you want to monitor and how much time you have to d
such. Generally for domain controllers you want to audit at least accoun
logon events for sucess and failure and probably system events, polic
change, and account management. If you audit everything then your logs fil
up very quickly with events that make it hard to see what you really need t
see and can impair performance on your computers. There may be othe
categories you may want to audit on certain occassions [such as objec
access/folder auditing] or for situations that require higher level o
security. Be sure to increase the size of your security logs quite a bi
from default and learn how to use the filter view and free tools like Even
Comb. The links below may be helpful. --- Stev

http://www.microsoft.com/technet/security/guidance/secmod144.msp
http://www.microsoft.com/technet/Security/topics/hardsys/tcg/tcgch03.msp
http://www.microsoft.com/technet/Security/prodtech/win2000/win2khg/05sconfg.msp
 
Back
Top