This is a video on how to audit object access on a Server 2008 domain controller (DC) and a client of the domain. I deny permission to a folder for a user and then view the record in the security log in event viewer. Remember that events are always recorded on the local machine. These type of events can be done on Microsoft Windows Server 2008, 2003, 2000, 7, XP, or Vista. They don't require active directory. If you are in a workgroup you'll need to set local group policy (GPO).
Name of auditing - server 2008 defaults
Audit Account Logon Events -successful and failed
Triggered anytime you log into the domain. If the computer or user authenticates to the DC it's an account logon event.
Audit Logon events - successful and failed
Creates an event when you logon to a computer. You log into a domain, an event is recorded on the DC. You log in locally, the event is recorded on that machine. You access a folder, you authenticate to that machine and the event is recorded on that machine.
Audit Account Management - successful only
Audits events for creation, deletion, or modification of users, groups, computers, or passwords.
Audit Directory Service Account - successful only
Audits events specified on the security of objects in AD.
Audit Policy Change - successful only
Audits events that modify user rights.
Audit Privilege use - none
Not sure. Is this the Security setting in GPME? "audits the use of a privilege or user right."
Audit System Events - sucess and failure
Audits success, failure, or changes that affect they system or security log.
Audit Process tracking - success
Audits events such as program activation and process exit
audit object access - success
Audits access to objects such as files, folders, registry keys, and printers that have their access control list (ACL) or security tab. Requires enable options on those items as well
Providing training videos since last Tuesday.
Thanks for watching.