How to configure granular audit policies?

This article explains how to configure advanced audit policies for auditing an Active Directory domain.
Question: How to configure granular audit policies for auditing an Active Directory domain with Netwrix Auditor?

Answer: To configure granular audit policies, perform the following steps:
 
1. Navigate to Start --> Administrative Tools --> Group Policy Management Console.
2. Expand the Forest: <forest_name> --> Domains --> DomainName --> Group Policy Objects --> Default Domain Controllers Policy node, right-click it and select Edit.

3. In the Group Policy Management Editor, navigate to Computer Configuration --> Policies --> Windows Settings --> Security Settings --> Advanced Audit Policy Configuration --> Audit Policies --> Account Management.
Set the following policies to "Success" on all domain controllers:
  • Audit Computer Account Management
  • Audit Distribution Group Management
  • Audit Security Group Management
  • Audit User Account Management

4. Navigate to Computer Configuration --> Policies --> Windows Settings --> Security Settings --> Advanced Audit Policy Configuration --> Audit Policies --> DS Access.
Set the Audit Directory Service Access policy to "Success" on all domain controllers.

5. Navigate to Computer Configuration --> Policies --> Windows Settings --> Security Settings --> Advanced Audit Policy Configuration --> Audit Policies --> Logon/Logoff and set the Audit Logoff and Audit Logon policies to "Success".
These policies are only required to collect the information on the originating workstation, i.e., the computer from which a change was made.
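
To confirm on a domain controller that the settings from steps 3 to 5 are in effect, the following added example (not part of the original article and not Netwrix's own tooling) parses the CSV report produced by `auditpol /get /category:* /r`. It assumes English subcategory names; the function name `Test-AuditPolicy`, the host name `DC01` and the sample rows are constructed for illustration.

```powershell
# Added example: Test-AuditPolicy and the sample data are illustrative, not Netwrix code.
# Subcategories that steps 3-5 set to "Success" (English auditpol names assumed).
$required = @(
    'Computer Account Management', 'Distribution Group Management',
    'Security Group Management', 'User Account Management',
    'Directory Service Access', 'Logon', 'Logoff'
)

function Test-AuditPolicy {
    param([string[]] $CsvLines, [string[]] $Required)
    # auditpol can emit blank lines; drop them before CSV parsing.
    $rows = $CsvLines | Where-Object { $_.Trim() } | ConvertFrom-Csv
    foreach ($name in $Required) {
        $row = $rows | Where-Object { $_.Subcategory -eq $name } | Select-Object -First 1
        $setting = if ($row) { $row.'Inclusion Setting' } else { 'Not reported' }
        [pscustomobject]@{
            Subcategory = $name
            Setting     = $setting
            # "Success" and "Success and Failure" both record successful events.
            Compliant   = $setting -like 'Success*'
        }
    }
}

# Constructed sample in the layout of `auditpol /get /category:* /r`.
# GUIDs are placeholders; Distribution Group Management is deliberately missing.
$sample = @'
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
DC01,System,Logon,{GUID-PLACEHOLDER},Success,
DC01,System,Logoff,{GUID-PLACEHOLDER},Success and Failure,
DC01,System,Directory Service Access,{GUID-PLACEHOLDER},No Auditing,
DC01,System,User Account Management,{GUID-PLACEHOLDER},Success,
DC01,System,Computer Account Management,{GUID-PLACEHOLDER},Success,
DC01,System,Security Group Management,{GUID-PLACEHOLDER},Failure,
'@ -split "`r?`n"

$report = Test-AuditPolicy -CsvLines $sample -Required $required
$report | Format-Table -AutoSize

# Rows that still need attention in the Default Domain Controllers Policy.
$report | Where-Object { -not $_.Compliant } | Select-Object Subcategory, Setting

# Live check on a domain controller (elevated prompt):
# Test-AuditPolicy -CsvLines (auditpol /get /category:* /r) -Required $required
```

Run the live check on each domain controller, since the policies must be set to "Success" on all of them.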
