Windows Server 2008 Auditing Overview

Posted: June 21, 2011 in Active Directory, Server, Server 2008, System Information
Tags: , ,

Windows Server 2008 provides several categories of events that you can audit, as described in the following list:


■ Account Logon Events:  Track user logon and logoff via a user account.

■ Account Management:  Track when a user account or group is created, changed, or

deleted; a user account is renamed, enabled, or disabled; or a password is set or changed.

■ Directory Service Access:  Track access to Active Directory.

■ Logon Events:  Track nonlocal authentication events such as network use of a resource or a remote

service that is logging on by using the local system account.

■ Object Access:  Track when objects are accessed and the type of access performed—for example,

track use of a folder, file, or printer. Configure auditing of specific events through the object’s

properties (such as the Security tab for a folder or file).

■ Policy Change:  Track changes to user rights or audit policies.

■ Privilege Use:  Track when a user exercises a right other than those associated with logon and


■ Process Tracking:  Track events related to process execution, such as program execution.

■ System Events:  Track system events such as restart, startup, shutdown, or events that affect

system security or the security log.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s