Group Policy to manage audit event logs

Question
-
We are going to be implementing an Advanced Audit Policy for Object Access > Audit File System & Audit Handle Manipulation. Is there a recommended GP to configure for log file control to keep log files from growing too big?
Friday, April 1, 2016 9:02 PM
Answers
-
Hi,
As far as I know, there is no recommended GP to prevent audit event logs from growing too big. What we can do is make sure you are auditing the correct settings to avoid collecting too much information. Below is a "Best Practices" guide that you may find useful:
Auditing Security Events Best practices
http://technet.microsoft.com/en-us/library/cc778162%28WS.10%29.aspx
Best Regards,
Alvin Wang
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Monday, April 4, 2016 3:06 AM
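One way to check what the audit settings from the question are actually collecting before rolling them out widely. This is an added example, not part of the original posts; it assumes an elevated PowerShell session on the audited server, and the 24-hour window and top-10 cut-off are arbitrary choices.

```powershell
# Added example: Security-log event IDs produced by the File System and
# Handle Manipulation audit subcategories.
$ids = @{
    4656 = 'Handle to an object requested'
    4658 = 'Handle to an object closed'
    4660 = 'Object deleted'
    4663 = 'Attempt to access an object'
    4690 = 'Attempt to duplicate a handle'
}

# 1. Effective audit setting for the two subcategories named in the question.
foreach ($sub in 'File System', 'Handle Manipulation') {
    auditpol /get /subcategory:"$sub"
}

# 2. Current size, configured limit and retention mode of the Security log.
Get-WinEvent -ListLog Security |
    Select-Object LogName, LogMode, RecordCount,
        @{n = 'SizeMB';    e = { [math]::Round($_.FileSize / 1MB, 1) }},
        @{n = 'MaxSizeMB'; e = { [math]::Round($_.MaximumSizeInBytes / 1MB, 1) }}

# 3. Event volume per ID over the last 24 hours (window is an assumption).
$since  = (Get-Date).AddHours(-24)
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = [int[]]$ids.Keys; StartTime = $since
} -ErrorAction SilentlyContinue

$events | Group-Object Id | Sort-Object Count -Descending |
    Select-Object @{n = 'EventId'; e = { $_.Name }},
        @{n = 'Meaning'; e = { $ids[[int]$_.Name] }}, Count

# 4. Objects behind the most 4663 events: candidates for a narrower SACL.
$events | Where-Object Id -eq 4663 | ForEach-Object {
    $xml = [xml]$_.ToXml()
    ($xml.Event.EventData.Data | Where-Object Name -eq 'ObjectName').'#text'
} | Group-Object | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name
```

If one or two paths dominate step 4, tightening the auditing entries on those folders reduces log growth more than any change to the log settings.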
All replies
-
This article may be helpful to understand the "legacy" (pre-Vista) log settings and the "not-legacy" (post-XP) log settings:
Don [doesn't work for MSFT, and they're probably glad about that ;]
Saturday, April 2, 2016 8:51 AM -
I agree with what Alvwan suggested above.
In order to get rid of any possible interruption, you should make sure that you are in the right direction.
Here is an informative article which provides a quick reference to enable global audit policy in Windows Server: http://www.grouppolicyauditing.com/blog/enabling-global-audit-policy-in-windows-server-a-quick-security-guide/
Monday, April 4, 2016 7:03 AM