
Quick Reference Guide

Group Policy Auditing


Windows 2008-2012R2

Audit Policy Settings


Run GPMC.msc (url2open.com/gpmc) > open Default Domain Controllers Policy > Computer Configuration > Policies > Windows Settings > Security Settings:
Advanced Audit Policy Configuration > Audit Policies > Object Access > Audit File System > Define > Success and Failures
Advanced Audit Policy Configuration > Audit Policies > Object Access > Audit Handle Manipulation > Define > Success and Failures
Local Policies > Audit Policy > Audit directory service access > Define > Success and Failures

Object-level GP Auditing (2008-2012)

Open ADSI Edit (url2open.com/adsi) > Connect to Default naming context > DC=domain name > CN=System > right-click CN=Policies > Properties > Security (Tab) > Advanced > Auditing (Tab) > Click Add > Choose the following settings:
Principal: Everyone; Type: Success; Applies to: This object and all descendant objects; Permissions: Create groupPolicyContainer objects, Delete groupPolicyContainer objects > Click OK

Sysvol-level GP Auditing

Navigate to \\domainname\sysvol\domainfqdn > right-click the Policies folder and select Properties
Select the Security tab > Advanced button > Auditing tab > Click Add
Select Principal: Everyone; Select Type: All; Select Applies to: This folder, subfolders and files; Select the following Advanced Permissions: Create files / write data; Create folders / append data; Write attributes; Write extended attributes; Delete; Delete subfolders and files
Click OK three times
To find out which group policy setting was modified, filter Event Viewer for Event ID 4663 and look at the Object Name: field, which holds the path to the policy setting that was changed

Event ID Reference

4662 - An operation was performed on an object (Object Type: groupPolicyContainer)
4663 - Object access attempt (Task Category: File System)

Security Event Log Settings


Run GPMC.msc > open Default Domain Controllers Policy >
Computer Configuration > Policies > Windows Settings > Security
Settings > Event Log > Define:
Maximum security log size to 1 GB
Retention method for security log to Overwrite events as needed
Open Event Viewer on any domain controller and search the Security log for the event IDs listed in the Event ID Reference box
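As an added example (not part of the Netwrix guide), the PowerShell below reads Security events 4662 and 4663 in their XML form and reports which GPO was touched, by whom, and (for SYSVOL events) which file inside the GPO folder, i.e. the Object Name path the guide tells you to look at. The sample events, user name and domain are constructed; the GUID under Policies\ is the well-known Default Domain Controllers Policy GPO.

```powershell
# Added example, not part of the Netwrix guide: parse Security events 4662/4663
# (XML form, as Get-WinEvent | ForEach-Object { $_.ToXml() } emits them) and
# report which Group Policy object was touched and by whom. Sample events and
# names below are constructed; the GUID after "Policies\" is the well-known
# Default Domain Controllers Policy GPO.
function ConvertFrom-GpoAuditEvent {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        $x  = [xml]$EventXml
        $id = [int]$x.SelectSingleNode('//*[local-name()="EventID"]').InnerText
        # Flatten the <Data Name="...">value</Data> pairs into a hashtable
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.GetAttribute('Name')] = $n.InnerText }
        switch ($id) {
            4662 {
                # AD-level: ObjectType is the class name or its schemaIDGUID
                # (f30e3bc2-9ff0-11d1-b603-0000f80367c1 = groupPolicyContainer)
                if ($d.ObjectType -match 'groupPolicyContainer|f30e3bc2-9ff0-11d1-b603-0000f80367c1') {
                    [pscustomobject]@{ Id = 4662; Layer = 'AD'; User = $d.SubjectUserName;
                        Gpo = $d.ObjectName; Setting = ''; AccessMask = $d.AccessMask }
                }
            }
            4663 {
                # SYSVOL-level: keep paths under Policies\{GPO-GUID}; the file inside
                # the GPO folder is the "Object Name" path the guide says to look at
                if ($d.ObjectName -match '\\Policies\\(\{[0-9A-Fa-f-]{36}\})\\?(.*)$') {
                    [pscustomobject]@{ Id = 4663; Layer = 'SYSVOL'; User = $d.SubjectUserName;
                        Gpo = $Matches[1]; Setting = $Matches[2]; AccessMask = $d.AccessMask }
                }
            }
        }
    }
}

# Constructed sample events (on a DC, feed real ones from the Security log instead)
$ns = 'http://schemas.microsoft.com/win/2004/08/events/event'
$sample = @(
    "<Event xmlns='$ns'><System><EventID>4662</EventID></System><EventData>" +
    "<Data Name='SubjectUserName'>jdoe</Data><Data Name='AccessMask'>0x20000</Data>" +
    "<Data Name='ObjectType'>%{f30e3bc2-9ff0-11d1-b603-0000f80367c1}</Data>" +
    "<Data Name='ObjectName'>CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=corp,DC=example</Data></EventData></Event>",
    "<Event xmlns='$ns'><System><EventID>4663</EventID></System><EventData>" +
    "<Data Name='SubjectUserName'>jdoe</Data><Data Name='AccessMask'>0x2</Data>" +
    "<Data Name='ObjectName'>C:\Windows\SYSVOL\sysvol\corp.example\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf</Data></EventData></Event>"
)

# Live use on a domain controller:
#   Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4662, 4663 } |
#       ForEach-Object { $_.ToXml() } | ConvertFrom-GpoAuditEvent | Format-Table
$sample | ConvertFrom-GpoAuditEvent | Format-Table -AutoSize
```

The 4663 row's Setting column (here Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf) tells you which part of the GPO was written, which is the information the guide has you read off the Object Name field in Event Viewer.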

Gain #completevisibility into all activity going on in your AD and GP for free with Netwrix Auditor for Active Directory: netwrix.com/go/trial-ad

Corporate Headquarters: 300 Spectrum Center Drive, Suite 1100, Irvine, CA 92618
Toll-free: 888-638-9749  Int'l: 1-949-407-5125  EMEA: 44 (0) 203-318-0261
netwrix.com/social
