Applies to Windows Server 2012, Windows Server 2008 R2, and Windows Server 2008.

Columns: Audit Policy Category or Subcategory; Windows Default (Success, Failure); Baseline Recommendation (Success, Failure); Stronger Recommendation (Success, Failure)

Account Logon
Audit Credential Validation No No Yes Yes Yes Yes
Audit Kerberos Authentication Service Yes Yes
Audit Kerberos Service Ticket Operations Yes Yes
Audit Other Account Logon Events Yes Yes
Account Management
Audit Application Group Management
Audit Computer Account Management Yes DC Yes Yes
Audit Distribution Group Management
Audit Other Account Management Events Yes Yes Yes Yes
Audit Security Group Management Yes Yes Yes Yes
Audit User Account Management Yes No Yes Yes Yes Yes
Detailed Tracking
Audit DPAPI Activity Yes Yes
Audit Process Creation Yes No Yes Yes
Audit Process Termination
Audit RPC Events
DS Access
Audit Detailed Directory Service Replication
Audit Directory Service Access DC DC DC DC
Audit Directory Service Changes DC DC DC DC
Audit Directory Service Replication
Logon and Logoff
Audit Account Lockout Yes No Yes No
Audit User/Device Claims
Audit IPsec Extended Mode
Audit IPsec Main Mode IF IF
Audit IPsec Quick Mode
Audit Logoff Yes No Yes No Yes No
Audit Logon Yes No Yes Yes Yes Yes
Audit Network Policy Server Yes Yes
Audit Other Logon/Logoff Events Yes Yes
Audit Special Logon Yes No Yes No Yes Yes
Object Access
Audit Application Generated
Audit Certification Services
Audit Detailed File Share
Audit File Share
Audit File System
Audit Filtering Platform Connection
Audit Filtering Platform Packet Drop
Audit Handle Manipulation
Audit Kernel Object
Audit Other Object Access Events
Audit Registry
Audit Removable Storage
Audit SAM
Audit Central Access Policy Staging
Policy Change
Audit Audit Policy Change Yes No Yes Yes Yes Yes
Audit Authentication Policy Change Yes No Yes No Yes Yes
Audit Authorization Policy Change
Audit Filtering Platform Policy Change
Audit MPSSVC Rule-Level Policy Change Yes
Audit Other Policy Change Events
Privilege Use
Audit Non Sensitive Privilege Use
Audit Other Privilege Use Events
Audit Sensitive Privilege Use
System
Audit IPsec Driver Yes Yes Yes Yes
Audit Other System Events Yes Yes
Audit Security State Change Yes No Yes Yes Yes Yes
Audit Security System Extension Yes Yes Yes Yes
Audit System Integrity Yes Yes Yes Yes Yes Yes
Global Object Access Auditing
Audit IPsec Driver
Audit Other System Events
Audit Security State Change
Audit Security System Extension
Audit System Integrity

Notation Recommendation
YES Enable in general scenarios
NO Do not enable in general scenarios
IF Enable if needed for a specific scenario, or if a role or feature for which auditing is desired is installed on the machine
DC Enable on domain controllers
[Blank] No recommendation

 
