Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (19.75 KB, 1 trang )
Selecting Events to Audit
Copyright 2002 Microsoft Corporation. All Rights Reserved. Windows 2000 Events
Windows
2000 Events
The following table describes the events that Windows 2000 can audit.
Event Example
Account logon
A security database authenticates an account. When a user logs on to the
local computer, the computer records the account logon event. When a
user logs on to a domain, the authenticating domain controller records the
account logon event.
Account
management
An administrator creates, changes, or deletes a user account or group. A
user account is renamed, disabled, or enabled, or a password is set or
changed.
Directory
service
access
A user gains access to an Active Directory object. To log this type of
access, you must configure specific Active Directory objects for auditing.
Logon
A user logs on to or off a local computer, or a user makes or cancels a
network connection to the computer. The event is recorded on the
computer that the user accesses, independent of whether a local account
or a domain account is used.
Object access
A user gains access to a file, folder, or printer. The administrator must
configure specific files, folders, or printers for auditing.