• Advanced audit policy settings
    		•

    "Reason for access" settings




    Download 129,34 Kb.
    bet89/104
    Sana01.04.2021
    Hajmi129,34 Kb.
    #13818
    1   ...   85   86   87   88   89   90   91   92   ...   104

    "Reason for access" settings


    There are several events in Windows to audit whenever an operation was successful or unsuccessful. The events usually include the user, the object, and the operation, but they lack the reason why the operation was allowed or denied. Forensics analysis and support scenarios are improved in Windows Server 2008 R2 and Windows 7 by logging the reason, based on specific permissions, why someone had access to corporate resources.

    Advanced audit policy settings


    In Windows Server 2008 R2 and Windows 7, enhanced audit policies can be configured and deployed by using domain Group Policy, which reduces management cost and overhead and significantly enhances the flexibility and effectiveness of security auditing.

    The following sections describe the new events and event categories that are available in the Advanced Audit Policy Configuration node of Group Policy.



    Download 129,34 Kb.
    1   ...   85   86   87   88   89   90   91   92   ...   104




    Download 129,34 Kb.