What do these auditing enhancements do?
In Windows XP, administrators have nine categories of security auditing events that they can monitor for success, failure, or both success and failure. These events are fairly broad in scope and can be triggered by a variety of similar actions, some of which can generate a large number of event log entries.
In Windows Vista® and Windows Server 2008, the number of auditable events is expanded from nine to 50, which enables an administrator to be more selective in the number and types of events to audit. However, unlike the nine basic Windows XP events, these new audit events are not integrated with Group Policy and can only be deployed by using logon scripts generated with the Auditpol.exe command-line tool.
In Windows Server 2008 R2 and Windows 7, all auditing capabilities have been integrated with Group Policy. This allows administrators to configure, deploy, and manage these settings in the Group Policy Management Console (GPMC) or Local Security Policy snap-in for a domain, site, or organizational unit (OU). Windows Server 2008 R2 and Windows 7 make it easier for IT professionals to track when precisely defined, significant activities take place on the network.
Audit policy enhancements in Windows Server 2008 R2 and Windows 7 allow administrators to connect business rules and audit policies. For example, applying audit policy settings on a domain or OU basis will allow administrators to document compliance with rules such as:
Track all group administrator activity on servers with finance information.
Track all the files that are accessed by defined groups of employees.
Confirm that the correct SACL is applied to every file, folder, and registry key when they are accessed.
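The following PowerShell sketch is an added example, not part of the original documentation. It checks the granular audit subcategories reported by Auditpol.exe against a baseline. The baseline mapping of the rules above to the subcategories Security Group Management, File System, and Registry is an assumption, and the function name, machine name, and GUID column values are constructed placeholders.

```powershell
# Added example: compare effective audit subcategory settings with a baseline.
# Assumption: this baseline is one possible mapping of the sample rules above.
$Baseline = [ordered]@{
    'Security Group Management' = 'Success and Failure'
    'File System'               = 'Success and Failure'
    'Registry'                  = 'Success and Failure'
}

# Constructed sample in the CSV layout printed by: auditpol /get /category:* /r
# (machine name and GUID values are placeholders, not real data).
$SampleCsv = @'
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
FIN-SRV01,System,Security Group Management,{GUID-PLACEHOLDER},Success,
FIN-SRV01,System,File System,{GUID-PLACEHOLDER},Success and Failure,
FIN-SRV01,System,Registry,{GUID-PLACEHOLDER},No Auditing,
'@

# Hypothetical helper: returns one result object per baseline subcategory.
function Test-AuditBaseline {
    param(
        [Parameter(Mandatory)] [string[]] $CsvLines,
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Baseline
    )
    # Drop blank lines, then let the header row name the columns.
    $rows = $CsvLines | Where-Object { $_.Trim() } | ConvertFrom-Csv
    $effective = @{}
    foreach ($row in $rows) { $effective[$row.Subcategory] = $row.'Inclusion Setting' }

    foreach ($name in $Baseline.Keys) {
        # A subcategory absent from the report is treated as non-compliant.
        $actual = if ($effective.ContainsKey($name)) { $effective[$name] } else { 'Missing' }
        [pscustomobject]@{
            Subcategory = $name
            Expected    = $Baseline[$name]
            Actual      = $actual
            Compliant   = ($actual -eq $Baseline[$name])
        }
    }
}

# Offline run against the constructed sample.
Test-AuditBaseline -CsvLines ($SampleCsv -split "`r?`n") -Baseline $Baseline |
    Format-Table -AutoSize

# On a live host (elevated prompt), feed real Auditpol.exe output instead:
# Test-AuditBaseline -CsvLines (auditpol /get /category:* /r) -Baseline $Baseline
```

With the constructed sample, only File System is reported as compliant. Security Group Management is missing failure auditing and Registry is not audited at all.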