https://technet.microsoft.com/en-us/library/79fe2474-6cdd-4411-8aee-20f9520ff3c8
Security Auditing
Updated: January 25, 2010
Applies To: Windows Server 2008, Windows Server 2008 R2
This navigation topic for the IT professional describes the
documentation available to plan, implement, and monitor events by using
features found in Windows Security Auditing.
Security auditing is one of the most powerful tools that you
can use to maintain the security of your system. As part of your overall
security strategy, you should determine the level of auditing that is
appropriate for your environment. Auditing should identify attacks
(successful or not) that pose a threat to your network, and attacks
against resources that you have determined to be valuable in your risk
assessment.
Note |
Windows Security Auditing documentation has been republished to
include additional versions of Windows. For updated information and
links to current topics, see Security Auditing Overview. |
-
Advanced Security Auditing Walkthrough
This step-by-step guide uses Windows Server 2008 R2 and Windows 7 to
demonstrate the process of setting up an advanced audit policies
infrastructure in a test environment. During this process, you will
create an Active Directory domain, install Windows Server 2008 R2 on a
member server, install Windows 7 on a client computer, and configure two
advanced audit policies.
-
Advanced Security Auditing FAQ
This topic lists common questions and their answers about understanding, deploying, and managing security audit policies.
-
Which Editions of Windows Support Advanced Audit Policy Configuration
This topic provides information about the versions of
Windows that support advanced audit policy configuration, in addition to
special considerations that apply to various tasks associated with
auditing enhancements.
-
Planning and Deploying Advanced Security Audit Policies
This topic explains the options that security policy planners
must consider and the tasks they must complete to deploy an effective
security audit policy in a network. Advanced security audit policies
were introduced in Windows 7 and Windows Server 2008 R2, but they also
apply to other versions. This topic also lists the supported versions.
-
Auditpol
This topic provides syntax and examples for using the Auditpol
command-line tool. Auditpol can be used to display information about
audit policies and to perform functions to manipulate them.