Hey gang, well I wanted to ask the group, what is everyone doing about their audit policies on Windows 2008 R2 for domain controllers or member servers.
I have mapped out all the audit categories and sub-categories, and events, but I don't want the logs to turn into soup, so kinda wanted to see what others were doing for which categories and subcategories they turned on auditing for. Would be nice to bounce some ideas off about certain events. ( Already plowed through M$ site descriptions, the Microsoft Security Resource Kit and Randy Franklin Smith's Eventlog site) Feel free to post here, or if you like catch me offline, love to hear the feedback. After this its on to Firewall rules accordingly for the servers and either scripting or GPOing that out for a baseline. Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~