Windows has come up with a comprehensive security policy. To enable logging, it is advisable to have an audit policy. Can someone tell me what the Advanced Audit Policy Configuration best practices are in Microsoft?
What Are The Advanced Audit Policy Configuration Best Practices In Windows?
For the Windows Audit Policy I recommend the following changes:
- Success and Failure in Account Logon Events
- Success and Failure in Account Management Events
- Failure in Directory Service Access Events
- Success and Failure in Logon Events
- Success and Failure in Object Access Events
- Success and Failure in Policy Change Events
The sample settings for the Advanced Audit Policy in Windows are given below.
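
One way to apply the six recommendations from the answer above on a single machine with `auditpol.exe`, as an added example that is not part of the original answer. It assumes an elevated PowerShell prompt and the English auditpol category names (the answer's "Logon Events" corresponds to `Logon/Logoff`, "Directory Service Access" to `DS Access`), and it reads "Failure" for Directory Service Access as failure-only.

```powershell
# Added example, not from the original answer.
# Assumptions: elevated prompt, English (en-US) auditpol category names.

# The answer's recommendations, keyed by auditpol category name.
$baseline = [ordered]@{
    'Account Logon'      = @{ Success = 'enable';  Failure = 'enable' }
    'Account Management' = @{ Success = 'enable';  Failure = 'enable' }
    'DS Access'          = @{ Success = 'disable'; Failure = 'enable' }  # failure only
    'Logon/Logoff'       = @{ Success = 'enable';  Failure = 'enable' }
    'Object Access'      = @{ Success = 'enable';  Failure = 'enable' }
    'Policy Change'      = @{ Success = 'enable';  Failure = 'enable' }
}

# Back up the current policy first so the change can be rolled back with:
#   auditpol /restore /file:<path>
$backup = Join-Path $env:TEMP ("auditpol-backup-{0:yyyyMMdd-HHmmss}.csv" -f (Get-Date))
auditpol.exe /backup "/file:$backup"
if ($LASTEXITCODE -ne 0) { throw "auditpol /backup failed (is the prompt elevated?)" }

# Setting a category applies the same value to every subcategory under it.
foreach ($category in $baseline.Keys) {
    $setting = $baseline[$category]
    auditpol.exe /set "/category:$category" `
        "/success:$($setting.Success)" "/failure:$($setting.Failure)" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "auditpol /set failed for '$category'" }
}

# Print the effective per-subcategory settings for review.
foreach ($category in $baseline.Keys) {
    auditpol.exe /get "/category:$category"
}

Write-Host "Previous policy saved to $backup"
```

On domain-joined machines, audit settings delivered through Group Policy overwrite values set locally this way.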