Justin, It's always been my strong opinion that when auditing is set up, you need to tailor it to what you're trying to find - intrusion, mischief, or simple information.
Once you have this, you then have a clearer direction in which to set up your auditing. Personally, on my systems at the office, we use the audit settings right out of the NSA guide. If you don't have the NSA Windows 2000 recommendations, get them here: http://nsa1.www.conxion.com/ For systems that are in our soft or hard DMZ, I tune these a little tighter, and the AD auditing goes away. Why? No AD in our DMZ - workgroups, like it or find another way. Works for us - quite well, I might add. But then, I have multiple levels of firewalls and IDS sensors outside, inside, and at all end-point systems. As you might guess, auditing is just a piece of our solution. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 "Any sufficiently advanced technology is indistinguishable from magic." --- Arthur C. Clarke > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of > Salandra, Justin A. > Sent: Wednesday, May 29, 2002 4:01 PM > To: '[EMAIL PROTECTED]' > Subject: [ActiveDir] Active Directory Audit > > > Hello Everyone, > > I am trying to fine tune my auditing policies and was > wondering what everyone else set their audit policies to do > in regards to domain controllers and regular w2k servers. > Any info would be appreciated. > > > Justin A. Salandra, MCSE > Senior Network Engineer > Catholic Healthcare System > 914.681.8117 office > 646.483.3325 cell > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
