Friday 21 November 2014


Configuring auditing for Group Policy Changes in Windows Server 2012 R2

The business requirements of organizations using Microsoft Active Directory can be met using Group Policy Objects. It is very important to ensure the security of Group Policy Objects, as an unwanted change to them may hamper the IT network of your organization, resulting in downtime and unavailability of resources.
In order to audit access to a specific type of object, you need to enable auditing for the appropriate object access category/subcategory. For example, to audit File Share, you need to enable File Share auditing in Advanced Security Audit Policy Settings -> Object Access -> Audit File Share.

Enabling File Share auditing allows you to analyze in detail what content was accessed, by whom, from what system and using which port. In this article we will see how to enable Object Access auditing in Windows Server 2012 R2. You can then go on to check the audit logs to analyze each change in detail.
  2. The New GPO dialog box opens up. Enter a name for the new GPO and click on the OK button.

  3. Next, right-click on the newly created GPO and click on “Edit” from the popup menu.

  4. Now open Group Policy Management Editor. Expand Computer Configuration. Expand Policies. Expand Windows Settings. Expand Security Settings. Expand Advanced Audit Policy Configuration. Expand Audit Policies. Select Object Access.

  5. In the right pane, double-click on Audit Detailed File Share. The Audit Detailed File Share Properties dialog box opens up. Policy is the default selected tab. Select the “Configure the following events” check box. Select both Success and Failure and click on OK.

After you click on the OK button, the audit policy gets configured. To view the logs, open Event Viewer, double-click on Windows Logs and then click on Security to view the log in the right pane.
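
As an added example (not part of the original article), the PowerShell below confirms that the setting from step 5 reached the server and summarizes the resulting Security log entries as who, from where, and which share and file. It assumes the Audit Detailed File Share subcategory, whose events carry ID 5145; the helper name `ConvertFrom-ShareAuditXml` and the sample event are constructed for illustration.

```powershell
# Added example, run from an elevated PowerShell session on the audited server.
# Confirm the GPO setting is effective (expected: "Success and Failure").
auditpol /get /subcategory:"Detailed File Share"

# Flatten one event's XML into who / from where / which share and file.
# (Hypothetical helper name, not a built-in cmdlet.)
function ConvertFrom-ShareAuditXml {
    param([Parameter(Mandatory)][string]$Xml)
    $evt  = ([xml]$Xml).Event
    $data = @{}
    foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time   = $evt.System.TimeCreated.SystemTime
        User   = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        Source = '{0}:{1}' -f $data['IpAddress'], $data['IpPort']
        Share  = $data['ShareName']
        Target = $data['RelativeTargetName']
        Access = $data['AccessMask']
    }
}

# Constructed sample event (not real data) so the parser can be tried offline.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>5145</EventID><TimeCreated SystemTime="2014-11-21T10:15:00Z"/></System>
  <EventData>
    <Data Name="SubjectUserName">jdoe</Data>
    <Data Name="SubjectDomainName">EXAMPLE</Data>
    <Data Name="IpAddress">192.0.2.10</Data>
    <Data Name="IpPort">49160</Data>
    <Data Name="ShareName">\\*\Finance</Data>
    <Data Name="RelativeTargetName">reports\q3.xlsx</Data>
    <Data Name="AccessMask">0x1</Data>
  </EventData>
</Event>
'@
ConvertFrom-ShareAuditXml $sample

# Live data: the 50 most recent matching events from the Security log.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5145 } -MaxEvents 50 -ErrorAction SilentlyContinue |
    ForEach-Object { ConvertFrom-ShareAuditXml $_.ToXml() } |
    Format-Table -AutoSize
```

If the `auditpol` output shows "No Auditing", the GPO has not yet been applied to this server; run `gpupdate /force` and check again.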
