Automatic Audit Policy Configuration for Workstation Auditing


Steps to configure audit policy for workstation(s) while adding, for already added workstations click on the "Configure" link in the 'Available Workstations'[Configuration tab -> Configured Workstations] table.

  1. Login into ADAudit Plus

  2. Click on "Configuration" Tab -->>"Configured Workstation(s)"

  3. Click on "Add Workstation(s)" select the Workstation(s) that require audit (This will list all the Workstation(s) on a Pop-up)

  4. Select the Workstation(s) to be configured and click on "OK" (The below alert will be displayed).

  1. Clicking on "Yes" will enable one or all of the below if not configured already.

    1. Add the selected Workstation(s) for auditing.

    2. Audit Logon Events Policy will be enabled for the selected Workstation(s) via a GPO.

      • ADAudit Plus automatically creates a Group Policy Object (GPO) that is linked to the Domain.

      • This is created with the name "<Domain name>_ADAuditPlusWSPolicy" where the desired "Audit Logon Events Policy" is configured.

      • This policy is applied on the selected Workstation(s).

    3. Event Log Retention method for security log, to be set to 'Overwrite Events as Needed'.
  2. You can Skip the automatic configuration of point 2 by clicking on the button "Skip 2" to configure the Audit Logon Events Policy manually. Steps to manually configure Audit Logon Events Policy for the selected Workstation(s) via a GPO.

Option 2 will automatically be configured for Workstation(s) in the Local Domain. However for Remote Domains these settings are to be configured manually.

  1. Steps to manually configure Audit Logon Events Policy for the selected Workstation(s) via a GPO.

Copyright © 2019, ZOHO Corp. All Rights Reserved.
ManageEngine
Get download link