Recipe 19.13. Auditing Backup and Restore Actions


Problem

You want to audit who performs tasks associated with backup and restore on a Windows XP system.

Solution

Using Group Policy

Through Group Policy, you can choose to audit any action related to backup and restore. The GPO setting, for those in a domain environment, is found in Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options, and is called "Audit: Audit the use of Backup and Restore privilege." This setting is also available through Local Security Policy (which you can open from the Administrative Tools applet in Control Panel) under Local Policies\Security Options.

Discussion

This GPO setting tells Windows whether to write an event to the Security event log when users exercise the Backup and Restore privileges, but only when the Audit privilege use policy is also enabled. It also generates an audit event for every file that is backed up or restored. All audited events are caused by actions stemming from the execution of NTBACKUP. For example, creating an ASR backup will trigger a log entry, whereas doing an xcopy backup will not cause anything to be logged.
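Because the setting is silent unless Audit privilege use is also on, it is worth checking both together. The following is an added example, not code from the book: it reads the text of a policy exported with `secedit /export /cfg policy.inf` and reports whether backup and restore auditing is actually in effect. The key names `AuditPrivilegeUse` and `FullPrivilegeAuditing` are the names these two settings carry in such an export, and the sample policy text is constructed.

```python
"""Check an exported security policy for the two settings this recipe depends on."""

# Registry value behind "Audit: Audit the use of Backup and Restore privilege".
FULL_PRIV_KEY = r"machine\system\currentcontrolset\control\lsa\fullprivilegeauditing"
AUDIT_FLAGS = {0: "none", 1: "success", 2: "failure", 3: "success+failure"}

# Constructed sample of the relevant parts of an exported policy (not from the book).
SAMPLE_INF = r"""
[Unicode]
Unicode=yes
[Event Audit]
AuditSystemEvents = 0
AuditPrivilegeUse = 0
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing=3,1
"""

def parse_inf(text):
    """Return {section: {key: value}} with lower-cased section and key names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def backup_restore_audit_status(text):
    """Report whether backup/restore privilege use will reach the Security log."""
    inf = parse_inf(text)
    priv_use = int(inf.get("event audit", {}).get("auditprivilegeuse", "0"))
    # Registry values are exported as "<type>,<data bytes>"; type 3 is REG_BINARY.
    reg = inf.get("registry values", {}).get(FULL_PRIV_KEY, "3,0")
    full_priv = any(int(b) for b in reg.split(",")[1:])
    return {
        "audit_privilege_use": AUDIT_FLAGS.get(priv_use, "unknown"),
        "full_privilege_auditing": full_priv,
        # Both must be on, otherwise nothing is written to the Security log.
        "effective": full_priv and priv_use in (1, 2, 3),
    }

if __name__ == "__main__":
    print(backup_restore_audit_status(SAMPLE_INF))
```

The constructed sample reports the setting as enabled but not effective, because Audit privilege use is set to no auditing. The export file is written as Unicode, so open it with `encoding="utf-16"` before passing its text to the function.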

See Also

Chapter 6 on Group Policy in Learning Windows Server 2003 (O'Reilly)



Windows XP Cookbook
Windows XP Cookbook (Cookbooks)
ISBN: 0596007256
EAN: 2147483647
Year: 2006
Pages: 408
