Activity: Designing an Audit Strategy

Trey Research must determine the best auditing strategy to use for its Windows 2000 network. Your solution must identify the computers, events, and objects that you want to audit.

The network administrator at Trey Research has provided the following objectives for auditing. The Trey Research administrator must be able to determine the following information from the security log:

  • Identify any attempts to break into the network
  • Identify when an attempt is made to create a new user account and which account made the attempt
  • Identify all access attempts to documents stored at \\server\budget
  • Identify whether anyone attempts to change the current audit settings for the domain
  • Identify whether the DCs have been restarted and whether a user caused the restart of the server

To meet these auditing requirements, you must analyze each requirement and determine which audit policy must be defined and whether to audit successes, failures, or both.

Answer the following questions about this situation. The answers to these questions can be found in the appendix.

  1. Complete the following table to meet the audit requirements:
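    Policy                            Success    Failure
    --------------------------------  ---------  ---------
    Audit account management          _______    _______
    Audit account logon events        _______    _______
    Audit directory service access    _______    _______
    Audit logon events                _______    _______
    Audit object access               _______    _______
    Audit policy changes              _______    _______
    Audit privilege use               _______    _______
    Audit process tracking            _______    _______
    Audit system events               _______    _______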
  2. What additional configuration is required to meet the desired audit settings?

  3. Assuming that DCs are located in the default location in Active Directory, where should you apply this audit policy?


