Doing so globally enables all directory
service policy subcategories.
Table 4-2. Event IDs Associated with Audit Directory Service Access Policies
Event ID   Type of Event   Description
5136       Modify          Event logged when an object's attribute is modified
5137       Create          Event logged when a new object is created
5138       Undelete        Event logged when an object is undeleted
5139       Move            Event logged when an object is moved
135 Chapter 4: Active Directory Domain Services
If you are looking at the default domain policy and can't figure out how to enable
or disable policy subcategories selectively, you're not alone. Microsoft didn't provide an
intuitive interface where you can set or unset audit subcategories. Instead, you will need
to use a command-line tool called auditpol.exe to perform these changes. For example,
to see the current policy for Directory Service Changes, you can run this:
Auditpol /get /subcategory:"Directory Service Changes"
To disable failure event logs for the Directory Service Changes subcategory, you can
run the following command:
Auditpol /set /subcategory:"Directory Service Changes" /failure:disable
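To confirm the result of such a change, the following added example (not from the book) parses the CSV report that auditpol produces with the /r switch and compares each subcategory with a desired state. The sample report, the host name DC01, the GUID placeholders and the $desired table are constructed for illustration, and English-language auditpol output is assumed.

```powershell
# Constructed sample of the /r (CSV) report so the script runs offline.
# On a domain controller, use the live output instead:
#   $report = auditpol /get /category:"DS Access" /r
$report = @'
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
DC01,System,Directory Service Access,{constructed-guid-1},Success and Failure,
DC01,System,Directory Service Changes,{constructed-guid-2},Success,
DC01,System,Directory Service Replication,{constructed-guid-3},No Auditing,
'@ -split "`r?`n"

# Desired state (an assumption for this example): log successful changes
# only, which is what the /failure:disable command above leaves in place
# when success auditing was already enabled.
$desired = @{ 'Directory Service Changes' = 'Success' }

# Event IDs from Table 4-2 that appear once Directory Service Changes
# success auditing is on (and the object's SACL requests auditing).
$changeEvents = @{ 5136 = 'Modify'; 5137 = 'Create'; 5138 = 'Undelete'; 5139 = 'Move' }

function Get-AuditSubcategory {
    param([string[]]$CsvLines)
    # Drop blank lines, then let the header row name the columns.
    $CsvLines | Where-Object { $_.Trim() } | ConvertFrom-Csv | ForEach-Object {
        [pscustomobject]@{
            Subcategory = $_.Subcategory
            Setting     = $_.'Inclusion Setting'
            Success     = $_.'Inclusion Setting' -match 'Success'
            Failure     = $_.'Inclusion Setting' -match 'Failure'
        }
    }
}

$current = Get-AuditSubcategory -CsvLines $report

foreach ($name in $desired.Keys) {
    $row = $current | Where-Object Subcategory -eq $name
    if (-not $row) { Write-Warning "$name not found in report"; continue }
    if ($row.Setting -ne $desired[$name]) {
        Write-Warning "$name is '$($row.Setting)', expected '$($desired[$name])'"
    } else {
        Write-Output "$name matches expected setting '$($desired[$name])'"
    }
    if ($name -eq 'Directory Service Changes' -and $row.Success) {
        $ids = ($changeEvents.Keys | Sort-Object) -join ', '
        Write-Output "Expect Security log event IDs: $ids"
    }
}
```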
System Access Control List
Each object contains a security descriptor that defines not only who or what can access it
but also a SACL that ultimately determines whether access to this object will be audited.
Setting the global option to audit directory service access or changes is only half the
story.