It is no longer available by default through Active Directory
Users and Computers. In addition, to access the Security tab of an object to specify what actions
you would like to audit, you must check the Advanced Features option in the View menu of Active
Directory Users and Computers.
Windows Server 2008 has four subcategories relating to the Audit Directory Service
Access policy:
• Directory Service Access
• Directory Service Changes
• Directory Service Replication
• Detailed Directory Service Replication
All audit events are sent to the Windows Security Event Log. What's exciting about
these new subcategories is that when an object's attribute is changed, both the old and
new values of the modified attribute are logged (Table 4-2). Likewise, when a new object is
created, attribute values that are set during the object's creation are also logged. When an
object is moved, the old and new locations of the object are logged; when an object is undeleted,
the location where it is restored is logged as well. This detailed logging capability is
useful when you want to track down the history of an object's changes. Object deletion is
logged only if you have enabled the Audit Directory Service Access policy.
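The following added example (not from the book) shows how the old and new values can be recovered from the Security log: a modification is recorded as event ID 5136 entries, one with OperationType "Value Deleted" and one with "Value Added", tied together by OpCorrelationID. The event ID, field names and OperationType codes come from the Windows event schema rather than this page; the events, user and object names are constructed sample data.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
SIDES = {"%%14675": "old", "%%14674": "new"}  # Value Deleted / Value Added

def make_event(corr, op, attr, value, event_id="5136"):
    """Build one constructed Security-log event as XML (sample data only)."""
    fields = {"OpCorrelationID": corr, "SubjectUserName": "admin1",
              "ObjectDN": "CN=Jane Doe,OU=Staff,DC=example,DC=com",
              "AttributeLDAPDisplayName": attr, "AttributeValue": value,
              "OperationType": op}
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'</System><EventData>{data}</EventData></Event>')

# Constructed sample (not real log data); the last event has another ID.
SAMPLE_EVENTS = [
    make_event("{op-1}", "%%14675", "description", "Contractor"),
    make_event("{op-1}", "%%14674", "description", "Full-time employee"),
    make_event("{op-2}", "%%14674", "telephoneNumber", "555-0100"),
    make_event("{op-3}", "%%14674", "description", "ignored", event_id="4662"),
]

def parse_event(xml_text):
    """Return the EventData fields of a 5136 event, or None for other IDs."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "5136":
        return None
    return {d.get("Name"): d.text or ""
            for d in root.iterfind("e:EventData/e:Data", NS)}

def pair_changes(xml_events):
    """Group 5136 events by operation, object and attribute into old/new."""
    changes = {}
    for xml_text in xml_events:
        ev = parse_event(xml_text)
        side = SIDES.get(ev["OperationType"]) if ev else None
        if side:
            key = (ev["OpCorrelationID"], ev["ObjectDN"],
                   ev["AttributeLDAPDisplayName"])
            rec = changes.setdefault(key, {"who": ev["SubjectUserName"],
                                           "object": key[1], "attribute": key[2],
                                           "old": [], "new": []})
            rec[side].append(ev["AttributeValue"])
    return list(changes.values())

if __name__ == "__main__":
    for c in pair_changes(SAMPLE_EVENTS):
        print(c["who"], c["attribute"], c["old"], "->", c["new"])
```

An attribute that is set for the first time produces only a "Value Added" event, so its `old` list stays empty, as the second sample change shows.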
Global Audit Policy
As shown in Figure 4-27, the Audit Directory Service Access policy can be enabled by
modifying the default domain controller policy.