giving back to the community. Thanks for stopping by.. and don't forget to tell your friends!
Domain Security Policy
some notes on enabling auditing to enhance domain security for Windows 2000 Active Directory:
Start .. Programs .. Administrative Tools .. Domain Security Policy
Enable these Policies:
Start .. Run .. CMD .. OK
secedit /refreshpolicy machine_policy
secedit /refreshpolicy user_policy
Browse to folder requiring monitoring.
Right click folder and choose properties.
Select Security tab. Click Advanced...
Select Auditing tab
Click Add...
Change Look in: to local system name
Select Everyone from list and click OK
Choose items to monitor
Delete Subfolders and Files (Successful/Failed)
Delete (Successful/Failed)
Take Ownership (Successful/Failed)
Click OK
Check Reset auditing entries on all child objects and enable propagation of inheritable auditing entries.
Click OK
Monitor Security event log for alerts. Add or remove items to fit your specific requirements.
Keep in mind this is extra work for your servers and you may take a performance hit by enabling auditing.
( )
Friday, December 30, 2005
0 Comments:
Back to top.
