Get our new Windows 7 eBook (PDF) for $7 with 70+ Tips. Download Now!
Auditing Your Workstation
- 0
- Add a Comment
- No Related Post
While Auditing is normally in place on servers, it isn’t usually performed on workstations unless there is a high risk of data theft. However, enabling a few auditing events locally on a workstation may prevent a larger problem in the future.
By selectively auditing a few key actions, you’ll have a place to start investigating theft or destruction of data if someone ever does compromise your workstation. Set up auditing on the following actions:
- Account logon events (success and failure)
- Account management (success and failure)
- Logon events (success and failure)
- Object access (success)
- Policy change (success and failure)
- Privilege use (success and failure)
- System events (success and failure)