Monday, November 14, 2011 8:17 PM
I am trying to enable print job auditing on a 2008 R2 network. There are two DCs and two file servers, and one of the file servers has printers installed as directory objects.
In the Security for one of the printers I have enabled auditing for "Everyone" who prints, but nothing appears in the security log on either the file server or one of the DCs.
It looks like I have to do something else to actually enable logging, but all available documentation is vague on what needs to be done for Server 2008 R2.
This for example is the explanation page for what can be done under the "Advanced Audit Policy Configuration" domain group policy:
Note that NOWHERE on this page is the auditing of printers mentioned. All that is available is vague generalities within "Audit Object Access" such as:
- Audit Application Generated
- Audit Certification Services
- Audit Detailed File Share
- Audit File Share
- Audit File System
- Audit Filtering Platform Connection
- Audit Filtering Platform Packet Drop
- Audit Handle Manipulation
- Audit Kernel Object
- Audit Other Object Access Events
- Audit Registry
- Audit SAM
None of these refer to "printer object" auditing or "print job" auditing.
Monday, November 21, 2011 9:20 AMModerator
Based on my research, Windows Server 2008 have functionality to monitor the print jobs, they are just turned of by default.
Diagnostics -> Event Viewer -> Applications and Service Logs -> Microsoft -> Windows -> Print Service -> Operational -> Enable log
I hope this helps.
- Marked As Answer by Tom Zhang – MSFTMicrosoft Contingent Staff, Moderator Friday, November 25, 2011 2:15 AM
Saturday, July 28, 2012 9:18 PM
This post gives instructions on how to enable print log in Server 2008 R2 and provides a powershell script that can output history. Check it out: