General Security Concepts: Access Control, Authentication, and Auditing • Chapter 1  31

                      you will be using either Windows 2003 (any version) or Windows XP
                      Professional. (Please note that Windows XP Home does not support
                      auditing of object access, so it cannot be used for this exercise.)
                         When configuring auditing in Windows 2003 or Windows XP, it must
                      be configured at the local machine level, unless the machine is a
                      member machine participating in an Active Directory domain, in which
                      case the Auditing policy may be configured at the domain level through
                      the use of Group policy.
                         This also applies to auditing on domain controllers if they are config-
                      ured at the local security settings level. The settings applied to domain
                      controllers at the local security level are not automatically applied to all
                      domain controllers unless they are configured in the Default Domain
                      controller policy in Active Directory.
                         To start the audit process, you must access the local security policy
                      Microsoft Management Console (MMC) in Administrative Tools. This is
                      reached through Start | Programs | Administrative Tools | Local Security
                      Policy. When you have opened the tool, navigate to Local Policies |
                      Audit Policy; you should see a screen as shown in Figure 1.7.

                 Figure 1.7 The Audit Policy Screen






































                                                                              www.syngress.com