Advanced Security Settings Properties Page - Auditing Tab
Applies To: Windows Server 2008
Requirements for Auditing Object Access
Establishing audit policy is an important facet of security. Monitoring the creation or modification of objects gives you a way to track potential security problems, helps to ensure user accountability, and provides evidence in the event of a security breach.
The most common types of events to be audited are:
Access to objects, such as files and folders.
Management of user accounts and group accounts.
Users logging on to and logging off from the system.
When you implement audit policy:
If you want to audit directory service access or object access, determine which objects you want to monitor access of and what type of access you want to monitor. For example, if you want to audit any attempts by users to open a particular file, you can configure auditing policy settings in the object access event category so that both successful and failed attempts to read a file are recorded.
Specify the categories of events that you want to audit. Examples of event categories are user logon, user logoff, and account management. The event categories that you select constitute your audit policy. For more information about each event category, see Audit Policies.
Set the size and behavior of the Security log. You can view the Security log with Event Viewer.
You can have one or more auditing entry for the same user or group depending on the type of auditing, where it was inherited from, the type of access, and what it will be applied to.
Names the currently selected object.
Displays each auditing entry for this object:
Include inheritable auditing entries from this object's parent
When selected, inheritable auditing entries from the object's parent will be written to the Security log.
Replace all existing inheritable auditing entries on all descendants with inheritable auditing entries from this object
When selected, auditing settings on this parent object will replace those on its descendant objects.
When deselected, auditing settings on each object, whether parent or its descendant, can be unique.