Setting up Audit Policies in AD on Server 2003.

Are there auditing policies to monitor the following:
1. Change of privileges
2. The installation/uninstallation of software
3. When and by whom a certain service is stopped/started
4. Modifying the actual auditing settings

If there are, which policy should I set up for each or how do I go about setting these up?

Also is there a way to secure audit policies so that they cannot be altered?

Thanks!
sliknick1028 Asked:

abraham808 Commented:
I think you need a 3rd-party app, like Netpro Change Auditor.

But this could start you in the right direction.
http://www.computerperformance.co.uk/w2k3/gp/group_policy_security_audit.htm

Open Group Policy
4. Under Computer Configuration>Windows Settings>Security Settings>Local Policies>Audit Policy
0

sliknick1028 Author Commented:
Yes, I knew about the Auditing Policies in Group Policy but I wanted to know which of the audit policies covered the 4 things that I listed above. I read the "Explain this setting" section for each policy but none of them exactly mentioned anything about the 4. I wanted a more specific answer... for example "Audit account management" will work for "change of privileges" (I know it doesn't, just giving an example)
-Thanks!
0
abraham808 Commented:
I think you need a 3rd Party app that does those things. It's not that cut and dry in Group Policy.
0
naldiian Commented:
Your list requires enabling all of the options for auditing that are available in 2003, and more importantly you would need to enable enforcement of the audit policies on the member computers of the domain, rather than just the domain controllers - also meaning you would need to capture and review the logs from the actual member servers and workstations where you want to audit these things, as not all of this will involve the domain and may therefore not be logged there.
As far as restricting security for setting these policies, they are restricted to administrators of the involved systems by default, though they can be delegated and may not be limited to admins in a given environment if previously changed. Again, this means domain admins for the domain level, but just local administrators of the workstations and member servers.
The volume of information that is generated in the security logs with this level of auditing, plus the requirement of getting the logs from multiple systems to know the whole picture, does lead to a strong case for using an application solution that can consolidate all of the information and provide ways to present it in usable formats to fit the objectives you have.
0
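The consolidation step described in the comment above, sketched as an added example (not code from anyone in this thread): events exported from several machines are merged into one timeline per item on the asker's list, and machines whose logs were never collected are flagged. The event IDs are Server 2003-era IDs supplied here as an assumption, not taken from the thread; the CSV layout, host names and users are constructed.

```python
import csv
import io
from collections import defaultdict

# Server 2003-era event IDs keyed by (log, id). Assumption: not from the thread.
RULES = {
    ("Security", 608): "privilege change",       # user right assigned
    ("Security", 609): "privilege change",       # user right removed
    ("Security", 636): "privilege change",       # member added to a local group
    ("Application", 11707): "software install",  # MsiInstaller packages only
    ("Application", 11724): "software removal",  # MsiInstaller packages only
    ("System", 7035): "service control",         # start/stop control sent, names the user
    ("Security", 612): "audit policy change",
}

# Constructed sample: events exported from three machines into one CSV.
SAMPLE = """\
host,log,event_id,time,user,detail
DC01,Security,612,2008-03-01T09:14:02,jdoe,Audit Policy Change
WKS07,Application,11707,2008-03-01T09:40:10,jdoe,Product: ExampleApp installed
SRV02,System,7035,2008-03-01T10:02:45,asmith,The Print Spooler service was successfully sent a stop control
SRV02,System,7036,2008-03-01T10:02:46,N/A,The Print Spooler service entered the stopped state
WKS07,Security,636,2008-03-01T08:55:30,jdoe,Security Enabled Local Group Member Added
DC01,Security,528,2008-03-01T08:50:00,jdoe,Successful Logon
"""

def consolidate(csv_text):
    """Merge per-host exports into one time-sorted list per audit question."""
    report = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        category = RULES.get((row["log"], int(row["event_id"])))
        if category:  # events outside the four questions are dropped
            report[category].append(
                (row["time"], row["host"], row["user"], row["detail"]))
    for events in report.values():
        events.sort()  # ISO 8601 timestamps sort correctly as strings
    return dict(report)

def hosts_without_coverage(csv_text, expected_hosts):
    """Hosts that contributed no rows at all, i.e. logs never collected."""
    seen = {row["host"] for row in csv.DictReader(io.StringIO(csv_text))}
    return sorted(set(expected_hosts) - seen)

if __name__ == "__main__":
    for category, events in consolidate(SAMPLE).items():
        print(category, events)
    print(hosts_without_coverage(SAMPLE, ["DC01", "SRV02", "WKS07", "WKS09"]))
```

Only one of the matched events in the sample comes from the domain controller; the rest exist only in the member server's and workstation's own logs.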
sliknick1028 Author Commented:
abraham808 was first to say that it would require a 3rd party solution, but naldiian spelled it all out for me. Thanks guys!
0