It's no big secret that Windows Server 2003 allows you to perform auditing in fine-grained detail. The only problem is that if you audit too many events, your audit logs will be huge, and looking for a specific event in the security logs will be like looking for the proverbial needle in the haystack. Because of this, I always recommend that organizations audit only the events that would most likely reflect a security breach or an attempted security breach. These events usually consist of logon failures, account management successes and failures, and successful or failed policy changes. These and other common events can easily be audited by enabling the appropriate audit option within the group policy.
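One way to check a server against this baseline is to export its security settings and compare the `[Event Audit]` section with the recommended categories. The following is an added example, not code from the original post; the sample export is constructed, and mapping the article's three event types onto the `AuditLogonEvents`, `AuditAccountManage` and `AuditPolicyChange` template keys is an assumption of the example.

```python
import configparser

SUCCESS, FAILURE = 1, 2  # bit flags used by [Event Audit] values (3 = both)

# The article's baseline; mapping it onto these template keys is an assumption.
BASELINE = {
    "AuditLogonEvents": FAILURE,
    "AuditAccountManage": SUCCESS | FAILURE,
    "AuditPolicyChange": SUCCESS | FAILURE,
}

# Constructed sample in the format written by `secedit /export /cfg <file>`.
# Real exports are normally UTF-16, so read them with encoding="utf-16".
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Event Audit]
AuditSystemEvents = 0
AuditLogonEvents = 1
AuditObjectAccess = 3
AuditPrivilegeUse = 0
AuditPolicyChange = 3
AuditAccountManage = 2
AuditProcessTracking = 0
[Version]
signature="$CHICAGO$"
"""

def describe(bits):
    names = [n for flag, n in ((SUCCESS, "success"), (FAILURE, "failure")) if bits & flag]
    return "+".join(names) or "none"

def check_audit_policy(template_text):
    """Return (missing, extra): baseline gaps and enabled non-baseline categories."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    parser.optionxform = str  # keep the original key case
    parser.read_string(template_text)
    if not parser.has_section("Event Audit"):
        raise ValueError("no [Event Audit] section in template")
    actual = {key: int(value) for key, value in parser["Event Audit"].items()}
    missing = {key: describe(want & ~actual.get(key, 0))
               for key, want in BASELINE.items() if want & ~actual.get(key, 0)}
    extra = {key: describe(v) for key, v in actual.items() if key not in BASELINE and v}
    return missing, extra

if __name__ == "__main__":
    missing, extra = check_audit_policy(SAMPLE_EXPORT)
    print("baseline gaps:", missing)
    print("extra log volume from:", extra)
```

The `missing` result lists baseline events that are not being recorded, while `extra` lists categories outside the baseline that are enabled and adding to log volume.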