Audit Policy-Windows 2K8

 AUDIT POLICY – Windows 2k8

As you know, to monitor user logon/logoff information (which computer, when the last one occurred, and which DC recorded it), we deploy Audit Policies and review the results in Event Viewer on Windows Server 2003. In this article I deploy Audit Policies on Windows Server 2008 R2. See whether anything is different.
In this lab: create the OU Nhatnghe and two users, teo and ti.

AUDIT-POLICY069.jpg

AUDIT-POLICY070.jpg

AUDIT-POLICY071.jpg

AUDIT-POLICY072.jpg

Right-click the OU nhatnghe and choose Properties > Advanced > Audit tab > double-click teo

AUDIT-POLICY073.jpg

AUDIT-POLICY074.jpg
On the Apply onto line: choose Descendant User Object

AUDIT-POLICY075.jpg

Check Write all properties in the Successful column

AUDIT-POLICY076.jpg

The Special entry is now configured

AUDIT-POLICY077.jpg

Start > Administrative Tools > Group Policy Management

AUDIT-POLICY078.jpg

AUDIT-POLICY079.jpg

Right-click the OU nhatnghe > choose Create a GPO in this domain

AUDIT-POLICY080.jpg

In New GPO > Name: Policy-teo (audit)

AUDIT-POLICY081.jpg

The entry Policy-teo (audit) appears

AUDIT-POLICY082.jpg

Right-click the policy you just created and choose Edit

AUDIT-POLICY083.jpg

AUDIT-POLICY084.jpg

Under Computer Configuration > Policies > Windows Settings

AUDIT-POLICY085.jpg

Security Settings > Advanced Audit Policy Configuration

AUDIT-POLICY086.jpg

AUDIT-POLICY087.jpg

Choose Audit Policies

AUDIT-POLICY088.jpg

These are the audit policies (system monitoring)

AUDIT-POLICY089.jpg

Choose Audit Other Account Logon Events

AUDIT-POLICY090.jpg

Choose Success and Failure

AUDIT-POLICY091.jpg

Choose Audit Logoff

AUDIT-POLICY092.jpg

Choose Success

AUDIT-POLICY093.jpg

Choose Audit Logon

AUDIT-POLICY094.jpg

Choose Success

AUDIT-POLICY095.jpg

Choose Audit Other Logon/Logoff Events

AUDIT-POLICY096.jpg

Choose Success and Failure

AUDIT-POLICY097.jpg

Start > Run > type CMD; in the command prompt window, type gpupdate /force

Start > Administrative Tools > Event Viewer

AUDIT-POLICY098.jpg

AUDIT-POLICY099.jpg

In the Event Viewer window > Windows Logs > Security

AUDIT-POLICY100.jpg

The Administrator logon on pc40 appears

AUDIT-POLICY101.jpg

User teo's logoff from the system is recorded as successful

AUDIT-POLICY102.jpg
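
The same check can be done from PowerShell instead of scrolling through Event Viewer. The script below is an added example, not part of the original article: it reads the Security log and lists, for the lab user teo, which workstation each logon or logoff came from, when it happened, and which machine recorded it. It assumes an elevated PowerShell 2.0 or later session and uses the standard Security event IDs 4624, 4634 and 4647, which the article itself does not name.

```powershell
# Added example: logon/logoff history for one account from the Security log.
# Run from an elevated PowerShell prompt on the machine whose log you are reading.
$user = 'teo'   # lab account created earlier in this article

# 4624 = successful logon, 4634 = logoff, 4647 = user-initiated logoff
$filter = @{ LogName = 'Security'; Id = 4624, 4634, 4647 }

Get-WinEvent -FilterHashtable $filter -MaxEvents 5000 -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten the <EventData> name/value pairs of this event into a hashtable
        $fields = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $fields[$d.Name] = $d.InnerText
        }
        # TargetUserName is the account that logged on or off
        if ($fields['TargetUserName'] -eq $user) {
            New-Object PSObject -Property @{
                Time        = $_.TimeCreated
                EventId     = $_.Id
                LoggedBy    = $_.MachineName              # machine that wrote the event
                Domain      = $fields['TargetDomainName']
                LogonType   = $fields['LogonType']        # 2 = interactive, 3 = network, 10 = RDP
                Workstation = $fields['WorkstationName']  # present on 4624 only
                SourceIp    = $fields['IpAddress']        # present on 4624 only
            }
        }
    } |
    Sort-Object Time -Descending |
    Format-Table Time, EventId, LoggedBy, Domain, LogonType, Workstation, SourceIp -AutoSize
```

Logon and logoff events are written to the Security log of the machine where the session takes place, so run this on each host of interest or forward those logs to a central collector.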

And here are the Audit Policy settings applied from the CMD command line

auditpol /set /subcategory:"Security State Change" /success:enable /failure:enable

auditpol /set /subcategory:"Security System Extension" /success:enable /failure:enable

auditpol /set /subcategory:"System Integrity" /success:enable /failure:enable

auditpol /set /subcategory:"IPsec Driver" /success:disable /failure:disable

auditpol /set /subcategory:"Other System Events" /success:enable /failure:enable

auditpol /set /subcategory:"Logon" /success:enable /failure:enable

auditpol /set /subcategory:"Logoff" /success:enable /failure:enable

auditpol /set /subcategory:"Account Lockout" /success:enable /failure:enable

auditpol /set /subcategory:"IPsec Main Mode" /success:disable /failure:disable

auditpol /set /subcategory:"IPsec Quick Mode" /success:disable /failure:disable

auditpol /set /subcategory:"IPsec Extended Mode" /success:disable /failure:disable

auditpol /set /subcategory:"Special Logon" /success:enable /failure:enable

auditpol /set /subcategory:"Other Logon/Logoff Events" /success:enable /failure:enable

auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable

auditpol /set /subcategory:"File System" /success:enable /failure:enable

auditpol /set /subcategory:"Registry" /success:enable /failure:enable

auditpol /set /subcategory:"Kernel Object" /success:enable /failure:enable

auditpol /set /subcategory:"SAM" /success:disable /failure:disable

auditpol /set /subcategory:"Certification Services" /success:enable /failure:enable

auditpol /set /subcategory:"Application Generated" /success:enable /failure:enable

auditpol /set /subcategory:"Handle Manipulation" /success:disable /failure:disable

auditpol /set /subcategory:"File Share" /success:enable /failure:enable

auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:disable /failure:disable

auditpol /set /subcategory:"Filtering Platform Connection" /success:disable /failure:disable

auditpol /set /subcategory:"Other Object Access Events" /success:disable /failure:disable

auditpol /set /subcategory:"Sensitive Privilege Use" /success:disable /failure:disable

auditpol /set /subcategory:"Non Sensitive Privilege Use" /success:disable /failure:disable

auditpol /set /subcategory:"Other Privilege Use Events" /success:disable /failure:disable

auditpol /set /subcategory:"Process Creation" /success:enable /failure:enable

auditpol /set /subcategory:"Process Termination" /success:enable /failure:enable

auditpol /set /subcategory:"DPAPI Activity" /success:disable /failure:disable

auditpol /set /subcategory:"RPC Events" /success:enable /failure:enable

auditpol /set /subcategory:"Audit Policy Change" /success:enable /failure:enable

auditpol /set /subcategory:"Authentication Policy Change" /success:enable /failure:enable

auditpol /set /subcategory:"Authorization Policy Change" /success:enable /failure:enable

auditpol /set /subcategory:"MPSSVC Rule-Level Policy Change" /success:disable /failure:disable

auditpol /set /subcategory:"Filtering Platform Policy Change" /success:disable /failure:disable

auditpol /set /subcategory:"Other Policy Change Events" /success:enable /failure:enable

auditpol /set /subcategory:"User Account Management" /success:enable /failure:enable

auditpol /set /subcategory:"Computer Account Management" /success:enable /failure:enable

auditpol /set /subcategory:"Security Group Management" /success:enable /failure:enable

auditpol /set /subcategory:"Distribution Group Management" /success:enable /failure:enable

auditpol /set /subcategory:"Application Group Management" /success:enable /failure:enable

auditpol /set /subcategory:"Other Account Management Events" /success:enable /failure:enable

auditpol /set /subcategory:"Directory Service Access" /success:enable /failure:enable

auditpol /set /subcategory:"Directory Service Changes" /success:enable /failure:enable

auditpol /set /subcategory:"Directory Service Replication" /success:disable /failure:disable

auditpol /set /subcategory:"Detailed Directory Service Replication" /success:disable /failure:disable

auditpol /set /subcategory:"Credential Validation" /success:enable /failure:enable

auditpol /set /subcategory:"Kerberos Service Ticket Operations" /success:enable /failure:enable

auditpol /set /subcategory:"Other Account Logon Events" /success:enable /failure:enable

auditpol /set /subcategory:"Kerberos Authentication Service" /success:enable /failure:enable
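
After running the commands above (or after gpupdate /force), it is worth confirming that the effective policy is what you intended, because a GPO applied later can silently overwrite local auditpol settings. The script below is an added example, not part of the original article: it parses the CSV report from auditpol /get /category:* /r and compares it with a baseline taken from a subset of the commands in this list. It assumes an English-language Windows installation (column names and setting strings are localized) and an elevated PowerShell 2.0 or later session.

```powershell
# Added example: detect drift between the effective audit policy and a baseline.
# Baseline values are constructed from a subset of the auditpol /set lines above:
#   /success:enable  /failure:enable   -> 'Success and Failure'
#   /success:disable /failure:disable  -> 'No Auditing'
$expected = @{
    'Logon'                       = 'Success and Failure'
    'Logoff'                      = 'Success and Failure'
    'Account Lockout'             = 'Success and Failure'
    'Special Logon'               = 'Success and Failure'
    'Other Logon/Logoff Events'   = 'Success and Failure'
    'Credential Validation'       = 'Success and Failure'
    'Other Account Logon Events'  = 'Success and Failure'
    'Audit Policy Change'         = 'Success and Failure'
    'User Account Management'     = 'Success and Failure'
    'Directory Service Changes'   = 'Success and Failure'
    'Process Creation'            = 'Success and Failure'
    'SAM'                         = 'No Auditing'
    'IPsec Driver'                = 'No Auditing'
}

# /r prints a CSV report; drop blank lines before parsing it
$actual = @{}
auditpol /get /category:* /r |
    Where-Object { $_.Trim() } |
    ConvertFrom-Csv |
    ForEach-Object { $actual[$_.Subcategory] = $_.'Inclusion Setting' }

# Collect every subcategory whose effective setting differs from the baseline
$drift = foreach ($name in $expected.Keys) {
    if ($actual[$name] -ne $expected[$name]) {
        New-Object PSObject -Property @{
            Subcategory = $name
            Expected    = $expected[$name]
            Actual      = $actual[$name]   # empty if the subcategory was not reported
        }
    }
}

if ($drift) {
    $drift | Sort-Object Subcategory | Format-Table Subcategory, Expected, Actual -AutoSize
} else {
    'Effective audit policy matches the baseline.'
}
```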

© 2012, Quản trị mạng. Source: nhatnghe.
