our CEO wants to enable auditing for the Domain Controllers (to know, who i.e. has changed some Settings of an user account ...)
So we want to secure our Windows security Event logs. The Goal is that all secuity Events will be logged and NO Administrator can delete the log withot "backup" them on another System.
Some possible Solutions can be:
--- All Windows security Event logs will be stored or forwarded to a secured System, wich only a Special Admin has Access to.
--- Only a Special Admin can delete the security logs on the DC (and before, he has to backup them ...)
--- All security Events are grabbed by an Audit System (or forwardet to this)
--- Or another solution, wich you perhaps know.
The System or the configuration should be as easy (and cheap) as possible :-).
thanks for your help