How to perform auditing in Windows 2000 Server operating system?

How to perform auditing in Windows 2000 Server operating system?

Rating:

In order to perform auditing in Windows 2000 Server operating system, the Group Policy snap-in must be used to enable Audit object access setting in an audit policy. Otherwise, an error is generated while setting auditing for an object (file/folder).

To add the Group Policy snap-in, the following steps should be taken:

1. Open a new MMC console by typing MMC in the Run dialog box.
2. In the Console menu, click Add/Remove Snap-in.
3. In the Add/Remove Snap-in dialog box, click the Add button.
4. In the Add Standalone Snap-in dialog box, select Group Policy and click the Add button. Click the Finish button in the Select Group Policy dialog box to perform auditing on the local computer, or click the Browse button to select the computer on which the auditing is to be performed.
5. Close the Add Standalone Snap-in dialog box by clicking the Close button.
6. Click the OK button to close the Add/Remove Snap-in dialog box.
7. Save the new console under a name, through the Save As option of the Console menu. This new console is used for performing auditing in the chosen computer.

1. Right-click the file/folder for which the auditing is to be performed.
2. Click the Properties button, and then click the Security tab.
3. Click the Advanced button, and click the Auditing tab.
4. Depending upon the type of auditing to be performed, any one of the following three cases is applicable:
   1. In order to perform auditing for a new user/group, the procedure below is followed:
      1. Click the Add button. In the Select User, Computer, or Group dialog box, select the username or group for which the auditing is to be performed.
      2. Click the OK button to open the Auditing Entry dialog box.
   2. To change the audit settings for an existing user/group, click the user/group, and then click View/Edit.
   3. For removing an existing user/group, click the username/group, and click the Remove button.
5. Under the Access field, click Successful or Failed for auditing success or failure for the corresponding event, respectively. Both success and failure audits can also be performed, depending upon the requirements.

1. In Control Panel, double-click Administrative Tools.
2. In the Administrative Tools window, double-click Local Security Policy.
3. In the Local Security Settings window that pops up, expand the Local Policies tree.
4. Double-click Audit Policy.
5. In the Local Security Settings window, double-click the auditing policy that is to be enabled or disabled.
6. Under Audit these attempts, click Success or Failure for auditing success or failed attempts against the events, respectively.
7. Click the OK button.

Rating: