none
Group Policy to save security events Audit Logs

    Question

  • Hello,

    We are having windows 2008 R2 DC environment and below is the requirement.

    The audit logs --Security events must be saved for at least 3 days.

    We need to capture all events related to user object and group objects.
    Account related tasks mentioned n https://support.microsoft.com/kb/977519?wa=wsignin1.0 must be captured.

    We are also taking in account the article
    Audit: Shut down system immediately if unable to log security audits.


    Regards, Ajit

    Wednesday, January 07, 2015 5:20 PM

Answers

  • Hi,

    Please review the script available to save and export event viewer logs

    https://gallery.technet.microsoft.com/scriptcenter/Export-Windows-event-log-ecdfadfc

    manual way to save the logs

    https://kb.acronis.com/content/8859

    regards


    Inderjit

    • Proposed as answer by IJSingh Thursday, January 08, 2015 11:10 AM
    • Marked as answer by Frank Shen5Moderator Tuesday, January 20, 2015 1:17 AM
    Thursday, January 08, 2015 7:21 AM

All replies

  • You can enable auditing for domain controllers.Refer below link

    http://technet.microsoft.com/en-us/library/dd772712%28v=ws.10%29.aspx


    Regards, Prabhu

    Thursday, January 08, 2015 6:16 AM
  • Hi,

    Please review the script available to save and export event viewer logs

    https://gallery.technet.microsoft.com/scriptcenter/Export-Windows-event-log-ecdfadfc

    manual way to save the logs

    https://kb.acronis.com/content/8859

    regards


    Inderjit

    • Proposed as answer by IJSingh Thursday, January 08, 2015 11:10 AM
    • Marked as answer by Frank Shen5Moderator Tuesday, January 20, 2015 1:17 AM
    Thursday, January 08, 2015 7:21 AM
  • You may also be interested reading this informative PDF guide that covers all of your requirements and would be an appropriate solution to resolve your concern in more depth : https://gallery.technet.microsoft.com/How-to-enable-the-Security-dbddb20d

    Lepide - Simplifying IT Management

    Thursday, January 08, 2015 11:09 AM