How to perform auditing in Windows 2000 Server operating system?

In order to perform auditing in Windows 2000 Server operating system, the Group Policy snap-in must be used to enable Audit object access setting in an audit policy. Otherwise, an error is generated while setting auditing for an object (file/folder).

To add the Group Policy snap-in, the following steps should be taken:

1. Open a new MMC console by typing MMC in the Run dialog box.
2. In the Console menu, click Add/Remove Snap-in.
3. In the Add/Remove Snap-in dialog box, click the Add button.
4. In the Add Standalone Snap-in dialog box, select Group Policy and click the Add button. Click the Finish button in the Select Group Policy dialog box to perform auditing on the local computer, or click the Browse button to select the computer on which the auditing is to be performed.
5. Close the Add Standalone Snap-in dialog box by clicking the Close button.
6. Click the OK button to close the Add/Remove Snap-in dialog box.
7. Save the new console under a name, through the Save As option of the Console menu. This new console is used for performing auditing in the chosen computer.

To perform auditing of files and folders, the following steps should be taken:

1. Right-click the file/folder for which the auditing is to be performed.
2. Click the Properties button, and then click the Security tab.
3. Click the Advanced button, and click the Auditing tab.
4. Depending upon the type of auditing to be performed, any one of the following three cases is applicable:
   1. In order to perform auditing for a new user/group, the procedure below is followed:
      1. Click the Add button. In the Select User, Computer, or Group dialog box, select the username or group for which the auditing is to be performed.
      2. Click the OK button to open the Auditing Entry dialog box.
   2. To change the audit settings for an existing user/group, click the user/group, and then click View/Edit.
   3. For removing an existing user/group, click the username/group, and click the Remove button.
5. Under the Access field, click Successful or Failed for auditing success or failure for the corresponding event, respectively. Both success and failure audits can also be performed, depending upon the requirements.

To enable auditing on the local computer, the procedure below is followed:

1. In Control Panel, double-click Administrative Tools.
2. In the Administrative Tools window, double-click Local Security Policy.
3. In the Local Security Settings window that pops up, expand the Local Policies tree.
4. Double-click Audit Policy.
5. In the Local Security Settings window, double-click the auditing policy that is to be enabled or disabled.
6. Under Audit these attempts, click Success or Failure for auditing success or failed attempts against the events, respectively.
7. Click the OK button.

• Become CIW CIW Certified Security Analyst certified.
• Download free practice test for CIW CIW Professional exam.
• Become CIW Master CIW Administrator certified.
• Get certified in first attempt download master-ciw-web-site-manager - Master CIW Web Site Manager simulation.
• Become CIW CIW Server Administrator certified.
• Click here to get free 1D0-470 CIW Security Professional exam practice questions.

• Previous Entry: 12 Essentials That Can Make You CEH-v6
• Next Entry: How to create a presentation from Microsoft Word Outline?