Introduction
As a network administrator responsible for managing Windows Server, it’s important that you know how to enable auditing. By using auditing, you can implement forensic analysis, verify regulatory compliance, monitor user activity, and troubleshoot your Windows Server environment. In addition, auditing the ongoing activity on your network is one of the critical security practices in your organization. By auditing events related to security, you can obtain early notice of potential malicious activity and evidence if a breach has occurred.
In this module, you will:
Learn about basic and advanced auditing categories.
Describe how to log user access.
Enable setup and boot event collection.
Learning objectives
Audit Windows Server events.
Configure Windows Server to record diagnostic information.
Prerequisites
To get the best learning experience from this module, you should have:
Working knowledge of common Windows Server management tools.
Some experience of typical Windows Server workloads.
Basic knowledge of Windows PowerShell.