7.2.2: Audit Policy
Audit policy settings provide the ability to track the success and failure of various authentication related events. Unlike 2000, server 2003 domain controllers have a number of audit settings configured by default through the Domain Controllers policy.
The following are authentication related audit policy settings:
-
Audit Account Logon Events: Intended mainly for Domain Controllers which authenticate users as they log on to other computers and records each instance of a user logging on
-
Audit Account Management: Records local account management events on a Member Server, such as creating, modifying or deleting a user object.
-
Audit Logon Events: Used to record users logging on or off of their local computer and helps track which user was accessing the computer when a specific event occurred
-
Audit Object Access: Used to monitor a resource such as file, folder or registry key once auditing is enabled
-
Audit Policy Changes: Helps track changes by an Administrator to a computers security configuration
All audited events are recorded in the Security log of the Event Viewer and can be read by a member of the Administrators group.
The following screen shot shows the default Domain Security Policy Settings
