1 Chapter Overview
- Planning an Audit Policy
- Implementing an Audit Policy
- Using Event Viewer


2 Auditing
- Auditing is a network security tool that lets you track
  - User activities
  - Microsoft Windows XP Professional events
- Windows XP Professional can record events in the security log.
  - Valid and invalid logon attempts
  - Events related to creating, opening, or deleting files or other objects

3 Using an Audit Policy
- An audit policy defines the types of events recorded in the security log.
- Windows XP Professional writes events to the security log on the computer where the event occurs.
- You can set up an audit policy for a computer to
  - Track the success and failure of events
  - Minimize the risk of unauthorized use of resources

4 Determining What to Audit
- Determine which computers need auditing.
- Auditing is turned off by default.
- Plan what to audit on each computer.

5 Selecting Events to Audit
- Accessing files and folders
- Logging on and off
- Shutting down and restarting a computer
- Changing user accounts and groups
- Attempting to make changes to objects in the Active Directory service

6 Auditing Successful Events and Failed Events
- Tracking successful events
  - Tells you how often Windows XP Professional or users access objects
  - Helps you plan resources
- Tracking failed events
  - Alerts you to security breaches
  - Identifies frequent failed logon attempts

7 Auditing Policy Guidelines
- Determine if you need to track system usage trends.
- Review security logs frequently.
- Define a useful, meaningful, and manageable audit policy.

8 Configuring Auditing
- Auditing requirements
  - You must have the Manage Auditing And Security Log user right.
  - The files and folders to be audited must be on NT file system (NTFS) volumes.
- Setting up auditing is a two-part process.
  - Set the audit policy.
  - Enable auditing of specific resources.

9 Setting an Audit Policy

10 Auditing Access to Files and Folders
- If security breaches are an issue, set up auditing for files and folders on an NTFS volume.
- Set up your audit policy to audit object access, and then
  - Enable auditing for specific files and folders
  - Specify which types of access to audit
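
The second part of the process from slides 8 and 10, enabling auditing on one folder, can also be scripted. This is an added example, not part of the original slides; it assumes Windows PowerShell 2.0 is installed and that the Audit object access policy is already enabled, and `C:\Payroll`, the audited group and the chosen access types are hypothetical.

```powershell
# Added example. Assumptions: C:\Payroll is a hypothetical folder, and
# "Audit object access" is already enabled in the audit policy.
# Run from an account that holds the Manage Auditing And Security Log right.
$path = 'C:\Payroll'

# Audit entries can only be stored on NTFS volumes, so check the file system first.
$drive = New-Object System.IO.DriveInfo ([System.IO.Path]::GetPathRoot($path))
if ($drive.DriveFormat -ne 'NTFS') {
    throw "$path is on a $($drive.DriveFormat) volume; file auditing requires NTFS."
}

# -Audit loads the audit entries (SACL); without it only permissions are read.
$acl = Get-Acl -Path $path -Audit

# Which types of access to audit, how the entry is inherited by files and
# subfolders, and whether to record successes, failures, or both.
$rights  = [System.Security.AccessControl.FileSystemRights]'Delete, ChangePermissions, TakeOwnership'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$flags   = [System.Security.AccessControl.AuditFlags]'Success, Failure'

# 'Everyone' is an assumed choice of whose access to audit.
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule `
    -ArgumentList 'Everyone', $rights, $inherit, $prop, $flags

$acl.AddAuditRule($rule)
Set-Acl -Path $path -AclObject $acl

# Read the entries back to confirm what will be written to the security log.
(Get-Acl -Path $path -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, IsInherited -AutoSize
```

If the audit policy does not include object access, the entry is stored on the folder but no events reach the security log.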

11 Events That Can Be Audited for Files and Folders

12 Auditing Access to Printers
- Audit access to printers to track access to sensitive printers.
- Set your audit policy to audit object access.
- Enable auditing for specific printers.
- Specify the type of access to audit.
- Specify which users will have access.

13 Printer Events That Can Be Audited

14 Understanding Windows XP Professional Logs
- Use Event Viewer to view Windows XP Professional logs.
- By default, Event Viewer contains three logs:
  - Application log
  - Security log
  - System log

15 Viewing Security Logs
- Type column: shows successful events (with a key icon) and unsuccessful events (with a lock icon)
- Date column: shows the date the event occurred
- Time column: shows the time the event occurred
- Source column: shows the software that recorded the event (it can be an application or a component of the system)
- Category column: shows the type of event, such as object access, account management, directory service access, or logon events
- Event column: shows the EventID
- User column: lists the user who succeeded or failed in the security access attempt
- Computer column: shows the computer the event occurred on
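
The failed-event review from slide 6 can be run over the same columns without opening Event Viewer. This is an added example, not part of the original slides; it assumes Windows PowerShell 2.0, and the 24-hour window and threshold of 5 are assumed values to tune per site.

```powershell
# Added example. Reads the local security log, which requires the
# Manage Auditing And Security Log right. Window and threshold are assumptions.
$since     = (Get-Date).AddHours(-24)
$threshold = 5

# FailureAudit corresponds to the unsuccessful (lock icon) entries in the Type column.
$failures = @(Get-EventLog -LogName Security -EntryType FailureAudit `
                           -After $since -ErrorAction SilentlyContinue)

# Group the failures by the Category, Event, and User columns.
$summary = $failures |
    Group-Object Category, EventID, UserName |
    ForEach-Object {
        $times = @($_.Group | Sort-Object TimeGenerated)
        New-Object PSObject -Property @{
            Count    = $_.Count
            Category = $times[0].Category
            EventID  = $times[0].EventID
            User     = $times[0].UserName
            Computer = $times[0].MachineName
            First    = $times[0].TimeGenerated
            Last     = $times[-1].TimeGenerated
        }
    } |
    Sort-Object Count -Descending

$summary |
    Select-Object Count, Category, EventID, User, Computer, First, Last |
    Format-Table -AutoSize

# Many failures of one kind for one user in the window deserve a closer look.
$summary | Where-Object { $_.Count -ge $threshold } | ForEach-Object {
    Write-Warning ("{0} failure audits (event {1}) for {2} between {3} and {4}" -f `
        $_.Count, $_.EventID, $_.User, $_.First, $_.Last)
}
```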

16 Locating Events

17 Managing Logs
- You can control the maximum size of the logs.
  - The default size is 512 KB.
  - The maximum size can be set from 64 KB to 4 GB.
- You can specify what to do when a log is full.
  - Overwrite events as needed.
  - Overwrite events older than x days.
  - Do not overwrite events.

18 Archiving Logs
- Keep logs for a specified period to track security-related information over time.
- Configure logs in Event Viewer.
- Archive the log.
- Clear the log.
- View an archived log.
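
The size, overwrite, and archive settings from slides 17 and 18 can be applied from a script as well. This is an added example, not part of the original slides; it assumes Windows PowerShell 2.0, and the 10 MB size, 14-day retention and `C:\LogArchive` folder are hypothetical values.

```powershell
# Added example. The size, retention period, and archive folder are assumptions.
$archiveDir = 'C:\LogArchive'

# -MaximumSize must be between 64 KB and 4 GB and divisible by 64 KB.
# -OverflowAction maps to the three "log is full" choices:
#   OverwriteAsNeeded, OverwriteOlder (with -RetentionDays), DoNotOverwrite.
Limit-EventLog -LogName Security -MaximumSize 10MB `
               -OverflowAction OverwriteOlder -RetentionDays 14

# Confirm the settings now in effect.
Get-EventLog -List | Where-Object { $_.Log -eq 'Security' } |
    Format-List Log, MaximumKilobytes, OverflowAction, MinimumRetentionDays

# Archive the log to a dated file, then clear it only if the archive succeeded.
if (-not (Test-Path $archiveDir)) {
    New-Item -ItemType Directory -Path $archiveDir | Out-Null
}
$file = Join-Path $archiveDir ("Security-{0:yyyyMMdd-HHmmss}.evt" -f (Get-Date))

# Backing up the security log needs extra privileges, hence -EnableAllPrivileges.
$log = Get-WmiObject -Class Win32_NTEventlogFile `
                     -Filter "LogfileName='Security'" -EnableAllPrivileges
$result = $log.BackupEventlog($file)
if ($result.ReturnValue -ne 0) {
    throw "Archive failed with code $($result.ReturnValue); the log was not cleared."
}

Clear-EventLog -LogName Security
Write-Output "Security log archived to $file and cleared."
```

With DoNotOverwrite, a full log stops recording new events until it is cleared, so that setting needs a regular archive-and-clear routine like the one above.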

19 Chapter Summary
- Auditing helps ensure that your network is secure by tracking user activities and system-wide events.
- Windows XP Professional records audited events in the security log.
- In planning an audit policy, you must decide on which computers to set up auditing and what to audit on each one.
- After you set your audit policy to audit object access, you can enable auditing for specific files, folders, and printers and specify which types of access to audit.

20 Chapter Summary (Cont.)
- You must have the Manage Auditing And Security Log user right for the computer on which you want to configure an audit policy or review an audit log.
- You use the Group Policy snap-in to set audit policies.
- You use Event Viewer to view the contents of the Windows XP Professional logs.
- Windows XP Professional has the following three logs by default: the application log, the security log, and the system log.

21 Chapter Summary (Cont.)
- You use the Filter and Find commands in Event Viewer to easily locate specific events or types of events.
- You view the security log on a remote computer by opening the MMC console and pointing Event Viewer to the remote computer.
- You manage the Windows XP Professional logs by archiving them (to allow you to track trends over time) and by controlling the size of the log files.