Chapter 16. Implementing Administrative Templates and Audit Policy | MCSA/MCSE 70-290 Exam Prep: Managing and Maintaining a Microsoft Windows Server 2003 Environment (2nd Edition)

Objectives

This chapter covers the following Microsoft-specified objectives for the "Monitor File and Print Servers" section of the Managing and Maintaining a Microsoft Windows Server 2003 Environment exam:

Monitor and analyze events. Tools might include Event Viewer and System Monitor.

The purpose of this objective is to teach you how to use the system tools to locate and identify errors and security events using the Event Viewer logs. In addition, you will need to be able to manage the security logs for the purpose of auditing system events.

Outline

Introduction			700
Security in Windows Server 2003			700
	Applying Security Policies		700
		Configuring Security Policies	701
		Account Policies	702
		Event Log Policies	704
		File System Policies	705
		Local Computer Policies	705
		Audit Policy	706
Using the Event Logs			706
	Understanding the Event Logs		707
	Working with the Event Logs		710
		Viewing Logs on Another Computer	711
		Configuring Log Properties	711
		Clearing and Saving Logs	713
	Log Viewing Options		714
	Filtering Events		715
		New Log View	717
		Finding Specific Events	717
		Loading a Saved Event Log	719
Managing Security Logs			720
Configuring Auditing			723
	Using Audit Policies		724
	Creating an Audit Policy		726
User Rights Assignment			732
Using Security Templates			735
	Creating Security Templates		737
	Customizing Security Templates		738
	Using the Security Configuration and Analysis Tool		740
Chapter Summary			745
	Key Terms		745
Apply Your Knowledge			745

Study Strategies

The sections in this chapter outline how to monitor and enforce security in both a standalone and a domain environment. Make sure that you have a complete understanding of how to work with the Event Logs, and especially the Security and Analysis tool. Perform the supplied exercises, and look at the supplemental reading to get more of an understanding of its capabilities.
Most of the Event Viewer questions will probably be related to the use of the Security log and auditing. Although auditing is turned on by default in Windows Server 2003, you still have to configure auditing on the individual objects. Make sure you understand the various auditing capabilities, how to enable auditing for an object, and how to configure and archive the event logs.
In addition to the capabilities we discussed in previous chapters, Group Policy can also be used to implement security. You should perform the exercises that make security changes, and observe both how they are applied and their effects on standalone servers and member servers.