Auditing, or the ability to track security events in the Windows NT security log, is a valuable tool for helping you maintain the security of your systems. Microsoft has improved on NT's auditing features with Windows 2000, which offers significant enhancements. In addition to NT’s seven categories of audit events, Win2K provides two new categories to track additional areas of activity. Let's take a close look at Win2K's auditing capabilities and see how they differ from NT's.
Configuring Audit Policy
Like NT, Win2K’s default audit policy disables each audit category, so the security log is empty on a freshly installed system. Unlike NT, you don't use User Manager to enable auditing in Win2K. In fact, User Manager doesn’t work in Win2K domains. Instead, you use the Active Directory (AD) Group Policy to enable auditing. For information on Group Policy and Win2K's configuration process, see my column "Group Policy". . . .
Why become a VIP member?
 |
VIP-only online access |
 |
VIP CD delivered twice a year: offline access to the entire Windows IT Pro article library |
 |
Monthly issue of your choice of Windows IT Pro or SQL Server Magazine |


Matthew Brown August 30, 2000