Академический Документы
Профессиональный Документы
Культура Документы
Hi guyz
Today lets go through a very simple guide on how to create a Group Policy Object (GPO) for
advanced auditing in Server 2012 R2
Before we start, take a note that auditing logs report a variety of activities in your enterprise
to the Windows Security Log.
You can then monitor these auditing logs to identify issues that warrant further investigation.
It can also log failed and potentially malicious attempts to access enterprise resources.
When configuring auditing, you will specify audit settings, enable an audit policy, and then
monitor events in the security logs.
** Please be inform that for this demo Im using my existing small infrastructure which is
consist of DC01.comsys.local, SVR01.comsys.local and Surface01.comsys.local (Windows 8
client )
1 On your Domain Server1 (DC01), please create a new GPO, open Group Policy
Management, and then right click Comsystem File Server OU (This OU contain my File Server
which is SVR01.comsys.local), and click Create a GPO in this domain and Link it here
2 In the New GPO box, type Comsys File Audit, and then press Enter
6 You may choose Audit Removable Storage and do the same step like above step
7 Next, log in to your Client PC, in my case is my Surface01 PC.. log in as any user
8 On the Windows 8 desktop, open Run and type \\svr01\IT notes, and then press Enter
(please take note that in my SVR01.comsys.local, I already have my existing sharing folder call
IT Notes for this demo)
9 -Next, open IT Notes folder and open the existing file which is MS Office 365.txt, then close it
back
10 Next, log in to SVR01 server, and open Event Viewer, in Event Viewer, double-click
Windows Logs, and then click Security.
Double-click one of the log entries with a Source of Microsoft Windows security auditing, and
a Task Category of Detailed File Share.
Click the Details tab, and note the access that was performed.