• Applying audit policy settings.
  • Developing an audit policy model.
  • Important
  • Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings
    		•

    Are there any special considerations?




    Download 129,34 Kb.
    bet86/104
    Sana01.04.2021
    Hajmi129,34 Kb.
    #13818
    1   ...   82   83   84   85   86   87   88   89   ...   104

    Are there any special considerations?


    A number of special considerations apply to various tasks associated with auditing enhancements in Windows Server 2008 R2 and Windows 7:

    Creating an audit policy. To create an advanced Windows security auditing policy, you must use the GPMC or Local Security Policy snap-in on a computer running Windows Server 2008 R2 or Windows 7. (You can use the GPMC on a computer running Windows 7 after installing the Remote Server Administration Tools.)

    Applying audit policy settings. If you are using Group Policy to apply the advanced audit policy settings and global object access settings, client computers must be running Windows Server 2008 R2 or Windows 7. In addition, only computers running Windows Server 2008 R2 or Windows 7 can provide "reason for access" reporting data.

    Developing an audit policy model. To plan advanced security audit settings and global object access settings, you must use the GPMC targeting a domain controller running Windows Server 2008 R2.

    Distributing the audit policy. After a Group Policy object (GPO) that includes advanced security auditing settings has been developed, it can be distributed by using domain controllers running any Windows server operating system. However, if you cannot put client computers running Windows 7 in a separate OU, you should use Windows Management Instrumentation (WMI) filtering to ensure that the advanced policy settings are applied only to client computers running Windows 7.

    Note

    Advanced audit policy settings can also be applied to client computers running Windows Vista. However, the audit policies for these client computers must be created and applied separately by using Auditpol.exe logon scripts.



    Important

    Using both the basic audit policy settings under Local Policies\Audit Policy and the advanced settings under Advanced Audit Policy Configuration can cause unexpected results. Therefore, the two sets of audit policy settings should not be combined. If you use Advanced Audit Policy Configuration settings, you should enable the Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings policy setting under Local Policies\Security Options. This will prevent conflicts between similar settings by forcing basic security auditing to be ignored.  

    In addition, to plan and deploy security event auditing policies, administrators need to address a number of operational and strategic questions, including:

     Why do we need an audit policy?

     Which activities and events are most important to our organization?

     Which types of audit events can we omit from our auditing strategy?

     How much administrator time and network resources do we want to devote to generating, collecting, and storing events, and analyzing the data?


    Download 129,34 Kb.
    1   ...   82   83   84   85   86   87   88   89   ...   104




    Download 129,34 Kb.
    Bosh sahifa
    Aloqalar
        Bosh sahifa
    Dərs
    Mühazirə
    Qaydalar
    Referat
    Xülasə
    Yazı


    Are there any special considerations?

    Download 129,34 Kb.