I am new to the usage of Auditing and I hoped you could help me setting up a proper Auditing System. Auditing is enabled on my domain, however I believe I have to overwrite my local policy first of all - (GPO?)
Then I have 1 domain user I want to monitor;
- Logon / Logoff;
- File access (which files);
- File Changes (which files);
- When possible I would like to monitor SQL actions also, however this is not possible the normal way, is there an alternative way to do so?
I did try some stuff but ended up with lots of data in my auditing eventlog. How can I do the above without all unwanted info?
When possible (e.g. using third party tool) I would like to know what the changes were. I do not want to use any spyware or keyloggers but proper software for the Enterprise, however if costs are associated, at an acceptable level.
If it's relevant; the user access the servers via a Citrix Metaframe XP Console (using a published RDP session).
Help is highly appreciated.