Support
 
Phone Get Quote
 
Support
 
US: +1 888 720 9500
US: +1 888 791 1189
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9892

 

Configure audit policies in your domain - Manual configuration

1. Configure advanced audit policies

Advanced audit policies help administrators exercise granular control over which activities get recorded in the logs, helping cut down on event noise. We recommend configuring advanced audit policies on Windows Server 2008 and above.

  1. Log in to any computer that has the Group Policy Management Console (GPMC) with Domain Admin credentials. Open the GPMC, and based on your setup, you'll either right-click Default Domain Controllers Policy or ADAuditPlusMSPolicy, and select Edit.
  2. Note: If AD FS has been installed on a domain controller, configure the audit policy in the Default Domain Controllers Policy GPO.
    If AD FS has been installed on a Windows server, configure the audit policy in the ADAuditPlusMSPolicy GPO.

  3. In the Group Policy Management Editor, go to Computer Configuration > Policies > Windows Settings > Security Settings > Advanced Audit Policy Configuration > Audit Policy. 
  4. Double-click on Object Access. 
  5. Right-click on Audit Application Generated in the right pane. Select Properties, then check the boxes next to Success and Failure.
  6. General Settings under the Admin tab

2. Force advanced audit policies

When using advanced audit policies, ensure that they are forced over legacy audit policies. 

  1. Log in to any computer that has the GPMC with Domain Admin credentials. Open the GPMC, and based on your setup, you'll either right-click Default Domain Controllers Policy or ADAuditPlusMSPolicy, then select Edit.
  2. Note: If AD FS has been installed on a domain controller, configure the audit policy in the Default Domain Controllers Policy GPO.
    If AD FS has been installed on a Windows server, configure the audit policy in the ADAuditPlusMSPolicy GPO.

  3. In the Group Policy Management Editor, go to Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options.
  4. Right-click Audit: Force audit policy subcategory settings from the right pane
  5. Select Properties, then choose Enabled.
  6. General Settings under the Admin tab

3. Configure legacy audit policies

Due to the unavailability of advanced audit policies in Windows Server 2003 and earlier versions, legacy audit policies need to be configured for these types of servers.

  1. Log in to any computer that has the GPMC with Domain Admin credentials. Open the GPMC, and based on your setup, you'll either right-click Default Domain Controllers Policy or ADAuditPlusMSPolicy, then select Edit.
  2. Note: If AD FS has been installed on a domain controller, configure the audit policy in the Default Domain Controllers Policy GPO.
    If AD FS has been installed on a Windows server, configure audit policy in the ADAuditPlusMSPolicy GPO.

  3. In the Group Policy Management Editor, go to Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options.
  4. Double-click Audit Policy.
  5. Right-click on the Object Access policy in the right pane. Select Properties, then check the boxes next to Success and Failure.
  6. General Settings under the Admin tab

ADAudit Plus Trusted By

A single pane of glass for complete Active Directory Auditing and Reporting