Security can be divided into three areas. Authentication is used to prove the identity of a user. Authorization gives access to the user that was authenticated. To complete the security picture, you need to enable auditing so that you can have a record of the users who have logged in and what the user accessed or tried to access.

It is important that you protect your information and service resources from people who should not have access to them, and at the same time make those resources available to authorized users. Along with authentication and authorization, you can also enable auditing so that you can have a record of:
• Who has successfully logged in
• Who has attempted to log in but failed
• Who has changed accounts in Active Directory
• Who has accessed or changed certain files
• Who has used a certain printer
• Who restarted a system
• Who has made some system changes

Enabling Auditing

Figure 1 Audit events in the local security policy

Auditing is not enabled by default. To enable auditing, you specify what types of system events to audit using Group Policy or the local security policy (Security Settings\Local Policies\Audit Policy). See Figure 1. Table 1 shows the basic events to audit that are available in Windows Server 2003 and 2008. Windows Server 2008 has additional options for more granular control. After you enable logging, you then open the Event Viewer security logs to view the security events.

Table 1: Audit Events

Auditing NTFS files, NTFS folders, and printers is a two-step process. You must first enable Object Access using Group Policy. Then you must specify which objects you want to audit.

Audit Files and Folders

To audit files and folders, perform these steps:
1. Open Windows Explorer.
2. Right-click the file or folder that you want to audit, click Properties, and then click the Security tab.
3. Click Edit, and then click Advanced.
4. In the Advanced Security Settings for <object> dialog box, click the Auditing tab.
5. Click the Edit button.
6. Do one of the following:
• To set up auditing for a new user or group, click Add. In Enter the object name to select, type the name of the user or group that you want, and then click OK. See Figure 2.
• To remove auditing for an existing group or user, click the group or username, click Remove, click OK, and then skip the rest of this procedure.
• To view or change auditing for an existing group or user, click its name, and then click Edit.

Figure 2 Auditing an NTFS folder

7. In the Apply onto box, click the location where you want auditing to take place.
8. In the Access box, indicate what actions you want to audit by selecting the appropriate check boxes:
• To audit successful events, select the Successful check box.
• To stop auditing successful events, clear the Successful check box.
• To audit unsuccessful events, select the Failed check box.
• To stop auditing unsuccessful events, clear the Failed check box.
• To stop auditing all events, click Clear All.
9. If you want to prevent subsequent files and subfolders of the original object from inheriting these audit entries, select the Apply these auditing entries to objects and/or containers within this container only check box.
10. Click OK to close the Advanced Security Settings dialog box.
11. Click OK to close the Properties dialog box.
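
The same two-step process can be scripted. The following PowerShell is an added example, not part of the original lesson; it assumes Windows Server 2008 or later, an elevated session, and a hypothetical folder (D:\Shares\Finance) and group (CONTOSO\Domain Users).

```powershell
# Added example: scripted equivalent of the two-step file auditing procedure.
# $Path and $Identity are hypothetical; replace them with your own values.
$Path     = 'D:\Shares\Finance'
$Identity = 'CONTOSO\Domain Users'

# Step 1: enable Object Access auditing, limited to the File System
# subcategory (the more granular control available from Windows Server 2008).
# A domain Group Policy that defines audit settings can overwrite this.
auditpol /set /subcategory:"File System" /success:enable /failure:enable

# Step 2: build the audit entry for the folder.
# Access box: which actions to record.
$rights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions'
# Apply onto box: this folder, subfolders and files.
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
# "Apply ... within this container only" check box: use NoPropagateInherit
# instead of None to stop the entry flowing further down the tree.
$propagate = [System.Security.AccessControl.PropagationFlags]::None
# Successful and Failed check boxes.
$flags = [System.Security.AccessControl.AuditFlags]'Success, Failure'

$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    $Identity, $rights, $inherit, $propagate, $flags)

# -Audit is required; without it Get-Acl does not return the audit entries.
$acl = Get-Acl -Path $Path -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $Path -AclObject $acl

# Verify both steps: the audit entries on the folder and the effective policy.
(Get-Acl -Path $Path -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, IsInherited -AutoSize
auditpol /get /subcategory:"File System"
```

If either step is missing, no object access events are written: the policy without an audit entry records nothing for the folder, and an audit entry without the policy is ignored.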

Audit Printing

To audit printing in Windows Server 2008, perform these steps:
1. Right-click the printer in Devices and Printers, and select Printer Properties.
2. Select the Security tab, and click the Advanced button.
3. Select the Auditing tab.
4. Click the Add button and:
• To set up auditing for a new user or group, click Add. In Enter the object name to select, type the name of the user or group that you want, and then click OK.
• To remove auditing for an existing group or user, click the group or username, click Remove, click OK, and then skip the rest of this procedure.
• To view or change auditing for an existing group or user, click its name, and then click Edit.
5. Click OK to close the Advanced Security Settings dialog box.
6. Click OK to close the Properties dialog box.

Because the security log is limited in size, select only those objects that you need to audit and consider the amount of disk space that the security log will need. The maximum size of the security log is defined in Event Viewer by right-clicking Security Log and selecting the Properties option.
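
Once auditing is enabled, the Security log can also be checked from PowerShell instead of Event Viewer. The following is an added example, not part of the original lesson; it assumes Windows Server 2008 or later (event IDs 4624, 4625 and 4663) and an elevated session, and Get-EventField is a helper defined here for illustration.

```powershell
# Added example: check the Security log size and summarise audited events.

# Maximum size and retention mode (the values shown in the log's Properties).
$log = Get-WinEvent -ListLog Security
'{0}: max {1:N0} MB, currently {2:N0} MB, {3:N0} records, mode {4}' -f `
    $log.LogName, ($log.MaximumSizeInBytes / 1MB), ($log.FileSize / 1MB),
    $log.RecordCount, $log.LogMode

# Hypothetical helper: read one named field from an event's EventData.
function Get-EventField($Record, [string]$Name) {
    $data = ([xml]$Record.ToXml()).Event.EventData.Data
    ($data | Where-Object { $_.Name -eq $Name }).'#text'
}

# 4624 = logon succeeded, 4625 = logon failed, 4663 = object accessed.
$since  = (Get-Date).AddDays(-1)
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4624, 4625, 4663; StartTime = $since
} -ErrorAction SilentlyContinue   # no matching events is not an error here

# Volume per event type: shows which audit setting fills the log fastest.
$events | Group-Object Id | Sort-Object Count -Descending |
    Format-Table Name, Count -AutoSize

# Who attempted to log in but failed, grouped by account and source address.
$events | Where-Object { $_.Id -eq 4625 } | ForEach-Object {
    New-Object psobject -Property @{
        Account = Get-EventField $_ 'TargetUserName'
        Source  = Get-EventField $_ 'IpAddress'
    }
} | Group-Object Account, Source | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name

# Who accessed audited files or folders (most recent 20 events).
$events | Where-Object { $_.Id -eq 4663 } | Select-Object -First 20 |
    ForEach-Object {
        '{0}  {1}  {2}' -f $_.TimeCreated,
            (Get-EventField $_ 'SubjectUserName'), (Get-EventField $_ 'ObjectName')
    }
```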

This lesson is part of the File and Print Services chapter from the 98-365 Windows Server Administration Fundamentals Prep course.