Legacy and advanced audit policy settings shouldn’t be used at the same time, so make sure you plan to retire legacy settings when switching to Advanced Policy Auditing. First introduced in Windows Server 2008, Advanced Audit Policy provides more granular control over Windows auditing so you can capture what’s important and eliminate noise. If you don’t have any audit policy configured, or if you are still using legacy audit settings, it’s time to set up Advanced Audit Policy. For example, your audit policy may determine that you want to log any remote access to a Windows machine, but that you do not need to audit login attempts from someone on your business premises. The Windows Audit Policy defines the specific events you want to log, and what particular behaviors are logged for each of these events. Windows Advanced Audit Policy and Security Baselines
0 Comments
Leave a Reply. |