Pau Lo
asked on
logon success and failure auditing
Can anyone elaborate on the risk on not enabling logon success and failure auditing on file servers? Our admin doesnt enable auditing for such events and doesnt see it as a risk - as its only a select few IT admins who could ever logon anyway, so doesnt see what value such auditing would bring. Can anyone give a good example where logon success and failure would be required - and issues that could arise by not enabling logon success or failure.
ASKER
Thats not really the question though - the question is what is the risk in not enabling auditing - when will it come back to haunt you.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This is the best practice for security audits http://technet.microsoft.com/en-us/library/cc778162(v=ws.10).aspx
You can use this link to configure security audits http://technet.microsoft.com/en-us/library/dd277403.aspx