Sign in
 
HomeWindows Server 2012Windows Server 2008 R2Windows Server 2003LibraryForums
Windows Server TechCenter >
2008 R2: Use "Advanced Security Audit Policy" to log print jobs?

Answered 2008 R2: Use "Advanced Security Audit Policy" to log print jobs?

  • Monday, November 14, 2011 8:17 PM
     
     
    Sign In to Vote
    0

    I am trying to enable print job auditing on a 2008 R2 network. There are two DCs and two file servers, and one of the file servers has printers installed as directory objects.

    In the Security for one of the printers I have enabled auditing for "Everyone" who prints, but nothing appears in the security log on either the file server or one of the DCs.

    It looks like I have to do something else to actually enable logging, but all available documentation is vague on what needs to be done for Server 2008 R2.

    This for example is the explanation page for what can be done under the "Advanced Audit Policy Configuration" domain group policy:

    http://technet.microsoft.com/en-us/library/hh125919(WS.10).aspx

    Note that NOWHERE on this page is the auditing of printers mentioned. All that is available is vague generalities within "Audit Object Access" such as:

    • Audit Application Generated
    • Audit Certification Services
    • Audit Detailed File Share
    • Audit File Share
    • Audit File System
    • Audit Filtering Platform Connection
    • Audit Filtering Platform Packet Drop
    • Audit Handle Manipulation
    • Audit Kernel Object
    • Audit Other Object Access Events
    • Audit Registry
    • Audit SAM

    None of these refer to "printer object" auditing or "print job" auditing.

     

     

All Replies

  • Monday, November 21, 2011 9:20 AM
    Moderator
     
     Answered
    Sign In to Vote
    0

    Dear Customer,

     

    Based on my research, Windows Server 2008 have functionality to monitor the print jobs, they are just turned of by default.

    Diagnostics -> Event Viewer -> Applications and Service Logs -> Microsoft -> Windows -> Print Service -> Operational -> Enable log

    I hope this helps.

     

    如果您对我们的论坛在线支持服务有任何的意见或建议,请通过邮件告诉我们。
    Description: Description: TechNet 论坛好帮手立刻免费下载  TechNet 论坛好帮手

     
  • Saturday, July 28, 2012 9:18 PM
     
     Proposed
    Sign In to Vote
    0

    This post gives instructions on how to enable print log in Server 2008 R2 and provides a powershell script that can output history.  Check it out:

    http://mywinsysadm.wordpress.com/2012/07/16/powershell-audit-printer-event-logs/



    • Edited by bbickett Saturday, July 28, 2012 9:19 PM
    • Proposed As Answer by bbickett Saturday, July 28, 2012 9:19 PM
    •