2010-03-29

Advanced Security Auditing FAQ.

I came across an interesting page about audit policies.
At the time of writing it was last updated on 2010-01-18, but the team that wrote the page has said that they want to keep adding new things to it when/if they come up.
The topics covered are (I'm doing a copy-paste and skipping the translation, pure laziness..):
  • What is Windows security auditing and why might I want to use it?
  • What is the difference between audit policies located in Local Policies\Audit Policy and audit policies located in Advanced Audit Policy Configuration?
  • What is the interaction between basic audit policy settings and advanced audit policy settings?
  • How are audit settings merged by Group Policy?
  • What is the difference between an object DACL and an object SACL?
  • Why is audit policy applied on a per-computer basis rather than per user?
  • What are the differences in auditing functionality between versions of Windows?
  • Can I use advanced audit policy from a domain controller running Windows Server 2003 or Windows 2000 Server?
  • What is the difference between success and failure events? Is something wrong if I get a failure audit?
  • How can I set an audit policy that affects all objects on a computer?
  • How do I figure out why someone got access to a resource?
  • How do I know when changes to access control are made, by whom, and what the changes were?
  • How can I monitor whether changes are made to audit policy settings?
  • How can I minimize the number of events that are generated?
  • What are the best tools to model and manage audit policy?
  • Where can I find information about all the possible events I might receive?
  • Where can I find more detailed information?

The original page can be found here:
