hola,
estamos habilitando y configurando por GPO auditoria avanzada, pero haciendo pruebas de creación/eliminado de objetos (directorios) en los host donde habilitamos la auditoria no se observan en log de seguridad estos impactos.
| SRV-SecurityOptions-AuditoriaAvanzada-LogsServers |
| Data collected on: 16/03/2017 16:25:53 |
hide all
|
| Domain |
A1.ad |
| Owner |
A1\Domain Admins |
| Created |
16/04/2015 12:53:48 |
| Modified |
16/03/2017 16:24:28 |
| User Revisions |
0 (AD), 0 (SYSVOL) |
| Computer Revisions |
109 (AD), 109 (SYSVOL) |
| Unique ID |
{AB53AC93-E9F1-4940-A502-352BCA671B1A} |
| GPO Status |
Enabled |
| Location |
Enforced |
Link Status |
Path |
| Srvs |
Yes |
Enabled |
A1.ad/BUE/CA/Srvs |
This list only
includes links in the domain of the GPO.
The settings in this GPO can only apply to the following
groups, users, and computers:
| Name |
| NT AUTHORITY\Authenticated Users |
These groups and users have the specified permission for this
GPO
| Name |
Allowed Permissions |
Inherited |
| NT AUTHORITY\Authenticated Users |
Read (from Security Filtering) |
No |
| NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS |
Read |
No |
| NT AUTHORITY\SYSTEM |
Edit settings, delete, modify security |
No |
| A1\Domain Admins |
Edit settings, delete, modify security |
No |
| A1\Enterprise Admins |
Edit settings, delete, modify security |
No |
Computer
Configuration (Enabled)hide
Local Policies/Security
Optionshide
| Policy |
Setting |
Audit: Force audit policy subcategory settings (Windows Vista or later) to
override audit policy category settings |
Enabled |
| Policy |
Setting |
| Maximum application log size |
3200000 kilobytes |
| Maximum security log size |
3200000 kilobytes |
| Maximum system log size |
3200000 kilobytes |
| Retention method for application log |
As needed |
| Retention method for security log |
As needed |
| Retention method for system log |
As needed |
Advanced Audit
Configurationhide
| Policy |
Setting |
| Audit Credential Validation |
Success, Failure |
| Policy |
Setting |
| Audit Computer Account Management |
Success |
| Audit Other Account Management Events |
Success, Failure |
| Audit Security Group Management |
Success, Failure |
| Audit User Account Management |
Success, Failure |
| Policy |
Setting |
| Audit Process Creation |
Success, Failure |
| Policy |
Setting |
| Audit Account Lockout |
Success, Failure |
| Audit Logoff |
Success, Failure |
| Audit Logon |
Success, Failure |
| Audit Other Logon/Logoff Events |
Success, Failure |
| Audit Special Logon |
Success, Failure |
| Policy |
Setting |
| Audit File Share |
Success, Failure |
| Audit File System |
Success, Failure |
| Audit Other Object Access Events |
Success, Failure |
| Audit Registry |
Success, Failure |
| Policy |
Setting |
| Audit Audit Policy Change |
Success, Failure |
| Audit Authentication Policy Change |
Success, Failure |
| Audit Authorization Policy Change |
Success, Failure |
| Policy |
Setting |
| Audit Non Sensitive Privilege Use |
Success, Failure |
| Audit Sensitive Privilege Use |
Success, Failure |
| Policy |
Setting |
| Audit Other System Events |
Success, Failure |
| Audit Security State Change |
Success, Failure |
| Audit System Integrity |
Success,
Failure |
User Configuration
(Enabled)hide
Alejandro | Especialista en Infraestructura Microsoft y Fortinet|
