Auditing Printing Events

Auditing is a means of tracking a printer's usage. It's possible to specify which groups or users and which actions to audit for a particular printer, as well as audit both successful and failed actions. Windows 2000 stores the data that is generated from auditing a file, which can be viewed and published in various formats using Event Viewer.

To change audit entries, you use the Audit Entry for printer_name page of the Printer Properties dialog box (Figure 4.16).

figure 4.16 example of an audit entry page
Enlarge figure

Figure 4.16 Example of an Audit Entry Page

To add, remove, view, or edit audit entries for a printer

  1. In the Properties dialog box for the printer, click the Security tab, and then click Advanced.
  2. Click the Auditing tab.

    If the tab is not visible, this means you do not have administrator permissions (Manage Printers, Manage Documents) for the server and you cannot continue.

  3. Use the Add and Remove buttons to specify user names and/or groups to be audited, or the View/Edit button to change settings.

    The Add and View/Edit buttons take you to the Audit Entry for printer_name page as shown in Figure 4.16.

  4. On the Audit Entry page, under Apply onto, specify whether the auditing should be done by printer, by document, or both.
  5. Under Access, select check boxes as appropriate to tailor the auditing for the users or groups appearing in the Name box:
    • Successful means "Audit all successful attempts to perform this action."
    • Failed means "Audit all failed attempts to perform this action."
    • Print, Manage Printers, and Manage Documents are the printing permissions. Read Permissions, Change Permissions, and Take Ownership are permissions to control permissions. Table 4.4 shows the associated events that are audited by selecting each permission.
  6. To configure another user or group for auditing, click Choose Account.
  7. When finished, click OK to save all your settings.

note-icon

Note

Most printers should not be audited: the Event Log service would fill up with useless information. It is best to limit auditing to select, high-security printers.

Table 4.4 Audit Events Matrix for Printers

  Permission Selected for Auditing

Event

Print
Manage Documents Manage
Printers
Read Permissions Change Permissions Take Ownership
Printing documents Audited Not
audited
Not
audited
Not
audited
Not
audited
Not
audited
Changing document printing preferences Audited Not
audited
Not
audited
Not
audited
Not
audited
Not
audited
Changing document job properties Not
audited
Audited Not
audited
Not
audited
Not
audited
Not
audited
Pausing, restarting, moving, and deleting documents Not
audited
Audited Not
audited
Not
audited
Not
audited
Not
audited
Changing document printing defaults Not
audited
Audited Audited Not
audited
Not
audited
Not
audited
Creating a printer share Not
audited
Not
audited
Audited Not
audited
Not
audited
Not
audited
Changing printer properties Not
audited
Not
audited
Audited Not
audited
Not
audited
Not
audited
Deleting a printer Not
audited
Not
audited
Audited Not
audited
Not
audited
Not
audited
Reading printer permissions Not
audited
Not
audited
Not
audited
Audited Not
audited
Not
audited
Changing printer permissions Not
audited
Not
audited
Not
audited
Not
audited
Audited Not
audited
Taking ownership Not
audited
Not
audited
Not
audited
Not
audited
Not
audited
Audited


important-icon

Important

For this procedure to work, the Audit Object Access option in Group Policy must be set to audit successful attempts, failed attempts, or both. To access this option, click Computer Configuration, Windows Settings, Security Settings, Local Policies, and then click Audit Policy.

© 1985-2000 Microsoft Corporation. All rights reserved.



Microsoft Corporation Staff, IT Professional Staff - Microsoft Windows 2000 Server Operations Guide
Microsoft Corporation Staff, IT Professional Staff - Microsoft Windows 2000 Server Operations Guide
ISBN: N/A
EAN: N/A
Year: 2002
Pages: 404

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net