Advance auditing enabling in domain controllers, servers and workstations

Hi Experts,

We are being audited by external partners, and they recommended to enable Advanced security audit policy, and enable all features as per screenshot below. The problem with this change is they want to apply to all DCs, workstations and servers of the organization.

I need your help to identify and prevent any major impact or performance degradation, as this change will be applied to all DCs, servers and workstations.

Can you please provide me with some sort of documentation about business case, blogs, service impact after enabling advance auditing?

What is the service impact for a large organization once this policies are enabled?

Any performance issues or log file impact on servers/dcs/workstation after enabling this per link below?
https://technet.microsoft.com/en-us/library/dn319056%28v=ws.11%29.aspx?f=255&MSPPError=-2147217396

Any known issues after applied advance auditing per link above?

Please, provide your input and elaborate the answers, it would be highly appreciated that you do not only attach links, more than links look for your feedback.

Provide instructions steps by step in case of the elaboration of a plan to prevent service/server degradation

Single forest/Single domain/multiple sites, all DCs are Windows 2012 R2 latest patches, no other software running on DCs.

Windows 2008 is the forest and domain level

All workstations run Windows 7 and 10.

Servers is a mix of 2003/2008/2008R2/2012/2012 R2
AuditDCs.png
auditservers.png
AuditWorkstations.png
Jerry SeinfieldAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ajit SinghCommented:
May be some performance problems by trying to audit too much, but i don't think there is any further issue with advance auditing and if there is (may be very minimal) impact on your system, you can turn it down.

Just keep in mind if eventlog is writing the events somewhere, ensure that the disk where your log is placed has enough I/Os. Due to which it cause disk performance problem.

Advanced security auditing FAQ

How to enable the Security Auditing of Active Directory

Hope this helps!
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Computers Performance

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.