For example, you can now log changes to attributes,
which means you can log old values and new values. Auditing shouldn't be taken lightly,
as many changes are made to Active Directory over the course of a day or even a
few hours, and too much auditing can adversely impact performance and drastically
increase your storage requirements. This can also create a lot of event log "clutter" that
requires filtering to locate events in which you are truly interested. Careful planning of
what events to log and how frequently to purge or save the log to offline storage can
either make or break an audit policy.
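
As an added example (not from the book) of filtering event log clutter down to old and new values: Windows Server 2008 records an attribute modification as Security event 5136, with the old value in a "Value Deleted" record and the new value in a "Value Added" record that share an operation correlation ID. The Python below pairs them; the records, account names and DNs are constructed, and the dictionary layout is an assumed export format.

```python
# OperationType codes as they appear in raw event 5136 data.
VALUE_ADDED, VALUE_DELETED = "%%14674", "%%14675"
ALICE = "CN=Alice,OU=Staff,DC=example,DC=test"            # constructed DN
ADMINS = "CN=Domain Admins,CN=Users,DC=example,DC=test"   # constructed DN

def ev5136(corr, who, dn, attr, op, value):
    """Build one constructed record shaped like an exported event 5136."""
    return {"EventID": 5136, "OpCorrelationID": corr, "SubjectUserName": who,
            "ObjectDN": dn, "AttributeLDAPDisplayName": attr,
            "OperationType": op, "AttributeValue": value}

# Constructed sample input, not real log data.
SAMPLE_EVENTS = [
    {"EventID": 4662, "SubjectUserName": "svc-backup", "ObjectDN": ALICE},  # clutter
    ev5136("{c1}", "admin1", ALICE, "title", VALUE_DELETED, "Analyst"),
    ev5136("{c1}", "admin1", ALICE, "title", VALUE_ADDED, "Manager"),
    ev5136("{c2}", "helpdesk2", ADMINS, "member", VALUE_ADDED, ALICE),
    ev5136("{c3}", "admin1", ALICE, "description", VALUE_DELETED, "temp account"),
]

def attribute_changes(events, watched=None):
    """Pair 5136 records into one change per (operation, object, attribute).

    watched: optional set of lowercase attribute names to keep; None keeps all.
    An empty 'old' means the attribute was newly set; an empty 'new' means it
    was cleared.
    """
    changes = {}
    for ev in events:
        if ev.get("EventID") != 5136:
            continue  # ignore other Security events
        attr = ev["AttributeLDAPDisplayName"]
        if watched is not None and attr.lower() not in watched:
            continue
        key = (ev["OpCorrelationID"], ev["ObjectDN"], attr)
        change = changes.setdefault(key, {
            "who": ev["SubjectUserName"], "object": ev["ObjectDN"],
            "attribute": attr, "old": [], "new": []})
        if ev["OperationType"] == VALUE_DELETED:
            change["old"].append(ev["AttributeValue"])
        elif ev["OperationType"] == VALUE_ADDED:
            change["new"].append(ev["AttributeValue"])
    return list(changes.values())

if __name__ == "__main__":
    for c in attribute_changes(SAMPLE_EVENTS):
        print(f'{c["who"]} changed {c["attribute"]} on {c["object"]}: '
              f'{c["old"]} -> {c["new"]}')
```

Passing `watched={"member"}` narrows the output to group membership changes only.
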
Auditing is enabled by modifying the default domain controller policy. When defining
your audit policy, you should specify whether to audit success or failure, or not audit at
all. Remember that even after you've enabled auditing by modifying the default domain
controller policy, you still need to modify the system access control list (SACL) of an
object you want to audit. This lets you be very granular in defining which audit
events you are actually interested in. As you can see in Figure 4-27, I have enabled success
and failure auditing of directory service access for my Windows Server 2008 domain.
Figure 4-27. Group Policy Management Editor showing default domain controller audit policy
134 Microsoft Windows Server 2008 Administration
TIP You must install the Group Policy Management feature if you want to manage group policies
from your Windows Server 2008 server.