16
AUDIT POLICY - Windows 2k8 Tác Giả : Tấn Duy - Nhất Nghệ Như các bạn đã biết muốn giám sát thông tin người dùng logon/logoff (máy tính nào, lần cuối khi nào, do DC nào ghi nhận lạị.Chúng ta triển khai Audit Policies và giám sát việc đó bằng Event Viewer trên nền Windows Server 2003.Bài viết này tôi sẽ triển khai Audit Policies trên nền Windows Server 2008 R2. Bạn xem có khác gì không nhé Trong bài lab này : Tạo OU Nhatnghe và 2 user teo ,ti

AUDIT POLICY(giam.sat.thong.tin.nguoi.dung)

Embed Size (px)

Citation preview

Page 1: AUDIT POLICY(giam.sat.thong.tin.nguoi.dung)

AUDIT POLICY - Windows 2k8Tác Giả : Tấn Duy - Nhất Nghệ

Như các bạn đã biết muốn giám sát thông tin người dùng logon/logoff (máy tính nào, lần cuối khi nào, do DC nào ghi nhận lạị.Chúng ta triển khai Audit Policies và giám sát việc đó bằng Event Viewer trên nền Windows Server 2003.Bài viết này tôi sẽ triển khai Audit Policies trên nền Windows Server 2008 R2. Bạn xem có khác gì không nhé

Trong bài lab này : Tạo OU Nhatnghe và 2 user teo ,ti 

Page 2: AUDIT POLICY(giam.sat.thong.tin.nguoi.dung)

Right click lên Ou nhatnghe chọn Properties > advanced > tab audit > Double Click teo 

Dòng Apply onto : chọn Descendant User Object

Page 3: AUDIT POLICY(giam.sat.thong.tin.nguoi.dung)

Check vào Write all properties cột Successful

Mình đã cấu hình Special 

Start > Administrator Tools > Group Policy Management 

Page 4: AUDIT POLICY(giam.sat.thong.tin.nguoi.dung)

Right Click lên Ou nhatnghe > chọn Create a GPO in this domain

Trong New GPO >Name : Policy-teo (audit)

Page 5: AUDIT POLICY(giam.sat.thong.tin.nguoi.dung)

Xuất hiện dòng Policy- teo (audit) 

Right click Policy vừa tạo chọn Edit

Page 6: AUDIT POLICY(giam.sat.thong.tin.nguoi.dung)

Trong Computer configuration > Policies > Windows Settings 

Security Setting > Advanced Audit Policy Configuration

Chọn Audit Policies

Page 7: AUDIT POLICY(giam.sat.thong.tin.nguoi.dung)

Đây là các Policies Audit ( kiểm soát hệ thống )

Chọn Audit Other Account Logon Events

Page 8: AUDIT POLICY(giam.sat.thong.tin.nguoi.dung)

Chọn Success và Failure 

Chọn Audit Logoff

Chọn SuccessHình ảnh này đã được thay đổi kích thước. Click vào đây để xem hình ảnh gốc với kích thước là 523x160

Chọn Audit Logon

Page 9: AUDIT POLICY(giam.sat.thong.tin.nguoi.dung)

Chọn SuccessHình ảnh này đã được thay đổi kích thước. Click vào đây để xem hình ảnh gốc với kích thước là 523x153

Chọn Audit Other Logon/logoff Events 

Chọn Success và Failure

Start > Run > Gỏ CMD : trong cửa sổ dòng lệnh gõ Gpupdate /force Start > Admnistrator > Event Viewer

Page 10: AUDIT POLICY(giam.sat.thong.tin.nguoi.dung)

Trong cửa sổ Event Viewer > Window logs > Security

Page 11: AUDIT POLICY(giam.sat.thong.tin.nguoi.dung)

Xuất hiện việc logon của Administrator trên pc40

User teo logoff vào hệ thống thành công

Page 12: AUDIT POLICY(giam.sat.thong.tin.nguoi.dung)

Và đây là những chính sách trên Audit policy triển khai trên giao diện dòng lệnh CMD

auditpol /set /subcategory:"Security State Change" /success:enable /failure:enable auditpol /set /subcategory:"Security System Extension" /success:enable /failure:enable 

auditpol /set /subcategory:"System Integrity" /success:enable /failure:enable 

auditpol /set /subcategory:"IPsec Driver" /success:disable /failure:disable 

auditpol /set /subcategory:"Other System Events" /success:enable /failure:enable 

auditpol /set /subcategory:"Logon" /success:enable /failure:enable 

auditpol /set /subcategory:"Logoff" /success:enable /failure:enable 

auditpol /set /subcategory:"Account Lockout" /success:enable /failure:enable 

auditpol /set /subcategory:"IPsec Main Mode" /success:disable /failure:disable 

auditpol /set /subcategory:"IPsec Quick Mode" /success:disable /failure:disable 

auditpol /set /subcategory:"IPsec Extended Mode" /success:disable /failure:disable 

auditpol /set /subcategory:"Special Logon" /success:enable /failure:enable 

auditpol /set /subcategory:"Other Logon/Logoff Events" /success:enable /failure:enable 

auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable 

auditpol /set /subcategory:"File System" /success:enable /failure:enable 

auditpol /set /subcategory:"Registry" /success:enable /failure:enable 

Page 13: AUDIT POLICY(giam.sat.thong.tin.nguoi.dung)

auditpol /set /subcategory:"Kernel Object" /success:enable /failure:enable 

auditpol /set /subcategory:"SAM" /success:disable /failure:disable

auditpol /set /subcategory:"Certification Services" /success:enable /failure:enable 

auditpol /set /subcategory:"Application Generated" /success:enable /failure:enable 

auditpol /set /subcategory:"Handle Manipulation" /success:disable /failure:disable 

auditpol /set /subcategory:"File Share" /success:enable /failure:enable 

auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:disable /failure:disable 

auditpol /set /subcategory:"Filtering Platform Connection" /success:disable /failure:disable 

auditpol /set /subcategory:"Other Object Access Events" /success:disable /failure:disable 

auditpol /set /subcategory:"Sensitive Privilege Use" /success:disable /failure:disable

auditpol /set /subcategory:"Non Sensitive Privilege Use" /success:disable /failure:disable 

auditpol /set /subcategory:"Other Privilege Use Events" /success:disable /failure:disable 

auditpol /set /subcategory:"Process Creation" /success:enable /failure:enable 

auditpol /set /subcategory:"Process Termination" /success:enable /failure:enable 

auditpol /set /subcategory:"DPAPI Activity" /success:disable /failure:disable 

auditpol /set /subcategory:"RPC Events" /success:enable /failure:enable 

auditpol /set /subcategory:"Audit Policy Change" /success:enable /failure:enable 

auditpol /set /subcategory:"Authentication Policy Change" /success:enable /failure:enable 

auditpol /set /subcategory:"Authorization Policy Change" /success:enable /failure:enable 

auditpol /set /subcategory:"MPSSVC Rule-Level Policy Change" /success:disable /failure:disable

auditpol /set /subcategory:"Filtering Platform Policy Change" /success:disable /failure:disable 

auditpol /set /subcategory:"Other Policy Change Events" /success:enable /failure:enable 

auditpol /set /subcategory:"User Account Management" /success:enable /failure:enable 

auditpol /set /subcategory:"Computer Account Management" /success:enable /failure:enable 

auditpol /set /subcategory:"Security Group Management" /success:enable /failure:enable 

auditpol /set /subcategory:"Distribution Group Management" /success:enable /failure:enable 

auditpol /set /subcategory:"Application Group Management" /success:enable /failure:enable 

Page 14: AUDIT POLICY(giam.sat.thong.tin.nguoi.dung)

auditpol /set /subcategory:"Other Account Management Events" /success:enable /failure:enable 

auditpol /set /subcategory:"Directory Service Access" /success:enable /failure:enable 

auditpol /set /subcategory:"Directory Service Changes" /success:enable /failure:enable 

auditpol /set /subcategory:"Directory Service Replication" /success:disable /failure:disable 

auditpol /set /subcategory:"Detailed Directory Service Replication" /success:disable /failure:disable 

auditpol /set /subcategory:"Credential Validation" /success:enable /failure:enable 

auditpol /set /subcategory:"Kerberos Service Ticket Operations" /success:enable /failure:enable 

auditpol /set /subcategory:"Other Account Logon Events" /success:enable /failure:enable 

auditpol /set /subcategory:"Kerberos Authentication Service" /success:enable /failure:enable__________________

Nhất Nghệ - ICT Training Center

Ghi Danh - Tư Vấn Học : (083) 9322 735  Giáo Vụ : (083) 9320 670 Hỗ Trợ Kỹ Thuật Cho HVNN : (083) 9322 962  Administrator : [email protected] - YM : Van_Nguyen03


PUBLISHER'S NOTE SUMMARIZING THE USEPA AUDIT POLICY

PUBLISHER'S NOTE SUMMARIZING THE USEPA AUDIT POLICY

Documents
Infection Prevention and Control: Audit Policy Prevention and Control Audit Policy EEAST_IPC Audit Policy_V1.2 Page 2 of 17 January 2015 Document Reference Relevant Trust objective:

Infection Prevention and Control: Audit Policy Prevention and Control Audit Policy EEAST_IPC Audit Policy_V1.2 Page 2 of 17 January 2015 Document Reference Relevant Trust objective:

Documents
Positive Behaviour Policy Contents Audit

Positive Behaviour Policy Contents Audit

Documents
Audit and Assessment Policy & Guidance · 2018-04-16 · Audit and Assessment Policy & Guidance Audit and Assessment Policy & Guidance - Table of Contents Introduction –page 3 Policy

Audit and Assessment Policy & Guidance · 2018-04-16 · Audit and Assessment Policy & Guidance Audit and Assessment Policy & Guidance - Table of Contents Introduction –page 3 Policy

Documents
BYPAD (Bicycle Policy Audit): cycling policy as a dynamic processECOMM Groningen, 12th May 2006 BYPAD (Bicycle Policy Audit): cycling policy as a dynamic

BYPAD (Bicycle Policy Audit): cycling policy as a dynamic processECOMM Groningen, 12th May 2006 BYPAD (Bicycle Policy Audit): cycling policy as a dynamic

Documents
Audit and Assessment Policy & Guidance - Walmart

Audit and Assessment Policy & Guidance - Walmart

Documents
Infection Prevention and Control: Audit Policy

Infection Prevention and Control: Audit Policy

Documents
IT Security & Audit Policy

IT Security & Audit Policy

Documents
Policy Audit Topic: Environmental Remediation and Health

Policy Audit Topic: Environmental Remediation and Health

Documents
Developing a clinical audit policy - HQIP...audit policy and strategy • A clinical audit report template: To provide consistency in clinical audit reporting. The aim of this publication

Developing a clinical audit policy - HQIP...audit policy and strategy • A clinical audit report template: To provide consistency in clinical audit reporting. The aim of this publication

Documents
Policy Audit Topic: Neighborhood, Community Development & Housing

Policy Audit Topic: Neighborhood, Community Development & Housing

Documents
Safecity Policy Project: Railway Stations Audit Reportsafecity.in/wp-content/uploads/2017/04/Safecity-Policy-Project... · Safecity Policy Project: Railway Stations Audit Report

Safecity Policy Project: Railway Stations Audit Reportsafecity.in/wp-content/uploads/2017/04/Safecity-Policy-Project... · Safecity Policy Project: Railway Stations Audit Report

Documents
Clinical Audit and Service Evaluation Policy

Clinical Audit and Service Evaluation Policy

Documents
ARIS WHAT‘S NEW? - info.softwareag.com€˜s New... · Stress Testing Policy Management Policy Mapping & Tracking Attestation Audit Management Auditor Audit Planning Audit Templates

ARIS WHAT‘S NEW? - info.softwareag.com€˜s New... · Stress Testing Policy Management Policy Mapping & Tracking Attestation Audit Management Auditor Audit Planning Audit Templates

Documents
Self-Audit Policy

Self-Audit Policy

Documents
Summary of EPA’s Audit Policy · 3 EPA’s Audit Policy: Purpose and History The purpose of EPA’s Audit Policy is to encourage regulated entities to… voluntarily discover, disclose,

Summary of EPA’s Audit Policy · 3 EPA’s Audit Policy: Purpose and History The purpose of EPA’s Audit Policy is to encourage regulated entities to… voluntarily discover, disclose,

Documents
1 Chapter Overview Planning an Audit Policy Implementing an Audit Policy Using Event Viewer

1 Chapter Overview Planning an Audit Policy Implementing an Audit Policy Using Event Viewer

Documents
Handling Non-Compliance and Audit Policy

Handling Non-Compliance and Audit Policy

Documents
Audit of Policy on Internal Control – Information ... · D.2.1D Audit of Policy on Internal Control – Information Technology General Controls (ITGCs) Audit Office of the Chief

Audit of Policy on Internal Control – Information ... · D.2.1D Audit of Policy on Internal Control – Information Technology General Controls (ITGCs) Audit Office of the Chief

Documents
Policy Audit Topic: Landscape, Ecology, Open Space

Policy Audit Topic: Landscape, Ecology, Open Space

Documents
ACCOUNTING AND AUDIT POLICY

ACCOUNTING AND AUDIT POLICY

Documents
Windows Advanced Audit Policy Configuration · 3/2/2020  · Windows Advanced Audit Policy Configuration [Subtitle] 1. Account Logon 1.1 Audit Credential Validation (Enable/Enable)

Windows Advanced Audit Policy Configuration · 3/2/2020  · Windows Advanced Audit Policy Configuration [Subtitle] 1. Account Logon 1.1 Audit Credential Validation (Enable/Enable)

Documents
Developing a meaningful Audit and Assurance Policy

Developing a meaningful Audit and Assurance Policy

Documents
Purchase Policy Audit

Purchase Policy Audit

Documents
IT Security Audit Policy

IT Security Audit Policy

Documents
Louisa County Food Policy Audit Final Report

Louisa County Food Policy Audit Final Report

Documents
GLOBAL INTERNAL AUDIT POLICY - MCB Bank

GLOBAL INTERNAL AUDIT POLICY - MCB Bank

Documents
CAA Audit Policy and Procedure Manual

CAA Audit Policy and Procedure Manual

Documents
Ampco-Pittsburgh Corporationampcopittsburgh.com/otherinformation/corporate_governance/Audit... · AUDIT COMMITTEE POLICY FOR APPROVAL OF AUDIT AND NON-AUDIT ... Independent Auditor

Ampco-Pittsburgh Corporationampcopittsburgh.com/otherinformation/corporate_governance/Audit... · AUDIT COMMITTEE POLICY FOR APPROVAL OF AUDIT AND NON-AUDIT ... Independent Auditor

Documents
Clinical Audit Policy - UH Bristol NHS FT Audit Policy Document Data Subject: Clinical Audit Document Type: Policy Document Status: Approved Executive Lead: Medical Director Document

Clinical Audit Policy - UH Bristol NHS FT Audit Policy Document Data Subject: Clinical Audit Document Type: Policy Document Status: Approved Executive Lead: Medical Director Document

Documents