Use of Windows Server 2008 Audit Potential

The Windows Server 2008 system, with its superior system capabilities, high levels of intelligence, and even more secure performance, attracts many friends to create conditions for a taste test. After a period of intimate contact with the Windows Server 2008 system, we found that the less-than-usual "auditing" feature became more powerful, with the ability to track and monitor everything on the server system. And according to the monitoring results to quickly troubleshoot the server system and ensure the operation of the server system security. This article now explores the auditing capabilities of the Windows Server 2008 system to make it easier for your friends to better serve themselves.

Enable the configuration auditing feature

The auditing features of the Windows Server 2008 system are not enabled by default, and we must enable and configure their auditing capabilities for specific system events so that the functionality is monitored and logged for the same type of system events. The network administrator will be able to see the audit results as soon as they open the log records of the corresponding system. Audit function of the application of a wide range, not only can the server system for some of the operation of the tracking, monitoring, but also in accordance with the operating state of the server system to quickly eliminate the operation of the fault. Of course, it is important to remind friends that the auditing feature is enabled to consume some of the valuable resources of the server system and to degrade the performance of the server system because the Windows Server 2008 system must free up a portion of the space resources to hold the monitoring of the audit function and record the results. For this reason, in the case of limited space resources in the server system, we should use the audit function with caution and make sure that the feature only monitors and records some of the most important operations.

In enable, when configuring the auditing features of the Windows Server 2008 system, we can login to the corresponding system with system super privileges, open the Start menu in the System desktop, click Settings, Control Panel commands in the System Control Panel window System and maintenance, administrative Tools icon, in the list of administrative tools that appears, locate the Local Security policy icon, and then double-click the icon to open the Local Security Policy console window.

Second, in the left pane of the Target Console window, expand the security Settings/Local Policy/Audit Policy Branch options, and in the right pane of the Audit Policy Branch option, we will find that the Windows Server 2008 system contains nine audit policies. That is to say, the server system allows you to track and record nine types of operations, as shown in Figure 1.

Figure 1 Local Security policy