Configure Audit Policies

Introduction

Welcome to the Configure Audit Policies Practice Lab. In this module you will be provided with the instructions and devices needed to develop your hands-on skills.

Learning Outcomes

In this module, you will complete the following exercises:

• Exercise 1 - Manage Audit Policies

After completing this lab, you will be able to:

• View default audit policies
• Enable auditing for specific events
• Find out where audit information is saved and how to secure audit information

Exam Objectives

The following exam objectives are covered in this lab:

• Understand file and print services - auditing
• Understand troubleshooting methodology - Event Viewer, event filtering, default logs

Lab Duration

It will take approximately 45 minutes to complete this lab.

Exercise 1 - Manage Audit Policies

Auditing is the process of collecting log files that describe activities that transpire on Windows computers. The recorded Windows log files are classified into four types, namely: system, application, security, and setup.

The System log record events logged by Windows system components such as a device driver that failed to initialize during a start-up.

The Application log records events logged by programs. For Windows Server, this log type refers to activities reported by server-based programs such as a messaging system like Exchange Server.

The Security log records security events, namely: logon attempts and resource usages such as creating folders, files, and other objects.

The Setup log record event when a Microsoft Standalone Update or “.msu” file like Remote Server Administration Tools or RSAT is installed.

In this exercise, you will examine the default audit policies that are enabled in Windows, view logon events and enable object access auditing.