Table 1: Active Directory Audit Policy Settings
| Policy | Default setting | Hardened setting | Comments |
|---|---|---|---|
| Audit account logon events | No auditing | Success and Failure | Account logon events are generated when a domain user account is authenticated on a Domain Controller. |
| Audit account management | Not defined | Success | Account management events are generated when security principal accounts are created, modified, or deleted. |
| Audit directory service access | No auditing | Success | Directory services access events are generated when an Active Directory object with a System Access Control List (SACL) is accessed. |
| Audit logon events | No auditing | Success and Failure | Logon events are generated when a domain user interactively logs on to a Domain Controller. Logon events are also generated when a network logon to a Domain Controller is performed to retrieve logon scripts and policies. |
| Audit object access | No auditing | (No change) | |
| Audit policy change | No auditing | Success | Policy change events are generated for changes to user rights assignment policies, audit policies, or trust policies. |
| Audit privilege use | No auditing | (No change) | |
| Audit process tracking | No auditing | (No change) | |
| Audit system events | No auditing | Success | System events are generated when a user restarts or shuts down the Domain Controller. System events are also generated when an event occurs that affects either the system security or the security log. |
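The hardened settings in Table 1 can be checked against a security policy export such as the one `secedit /export /cfg <file> /areas SECURITYPOLICY` produces. The following is an added example, not part of the original guide: the `[Event Audit]` key names and numeric values are the ones Windows writes, the sample export is constructed, and treating each hardened setting as a minimum (extra auditing passes) is an assumption.

```python
import configparser

# Legacy audit values in a secedit export: bit 1 = Success, bit 2 = Failure.
SUCCESS, FAILURE = 1, 2

# Hardened column of Table 1, keyed by the [Event Audit] names secedit writes.
# Rows marked "(No change)" carry no requirement and are omitted.
HARDENED = {
    "AuditAccountLogon": SUCCESS | FAILURE,
    "AuditAccountManage": SUCCESS,
    "AuditDSAccess": SUCCESS,
    "AuditLogonEvents": SUCCESS | FAILURE,
    "AuditPolicyChange": SUCCESS,
    "AuditSystemEvents": SUCCESS,
}
NAMES = {0: "No auditing", 1: "Success", 2: "Failure", 3: "Success and Failure"}

# Constructed sample export, not taken from a real Domain Controller.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Event Audit]
AuditSystemEvents = 1
AuditLogonEvents = 1
AuditObjectAccess = 0
AuditPrivilegeUse = 0
AuditPolicyChange = 1
AuditAccountManage = 3
AuditProcessTracking = 0
AuditDSAccess = 0
AuditAccountLogon = 3
"""

def audit_gaps(inf_text):
    """Return {policy: (found, required)} for settings weaker than Table 1."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.optionxform = str  # keep key case as written by secedit
    cfg.read_string(inf_text)
    found = cfg["Event Audit"] if cfg.has_section("Event Audit") else {}
    gaps = {}
    for key, required in HARDENED.items():
        value = int(found.get(key, 0)) & 3  # an absent key counts as no auditing
        if value & required != required:  # assumption: extra auditing is allowed
            gaps[key] = (NAMES[value], NAMES[required])
    return gaps

if __name__ == "__main__":
    for key, (have, want) in audit_gaps(SAMPLE_INF).items():
        print(f"{key}: found {have!r}, hardened setting is {want!r}")
```

A real export is normally UTF-16 encoded, so read it with `open(path, encoding="utf-16")` before passing the text to `audit_gaps`.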
Configuration Auditing
Unified CCE captures a history of all system configuration changes in the Config_Msg_Log table. However,
the information that is captured in the Config_Msg_Log table is encrypted. To display the table in a meaningful
format, use the dumpcfg utility, which is a database administration tool. You can use the information that is
retrieved for auditing purposes.
To run the utility, use the following command at the command prompt:
dumpcfg <database></@server>|[</bd begin date>]|[</bt begin time]>|[</ed enddate]>| [</ed endtime>]|[</nd number_of_days>]|[<low recovery key>]|[<high recovery key>]|.
Where:
Auditing