Aplica a las versiones Windows Server 2012, Windows Server 2008 R2, y Windows Server 2008.
Audit Policy Category or Subcategory | Windows Default
Success Failure |
Baseline Recommendation
Success Failure |
Stronger Recommendation
Success Failure |
---|---|---|---|
Account Logon | |||
Audit Credential Validation | No No | Yes Yes | Yes Yes |
Audit Kerberos Authentication Service | Yes Yes | ||
Audit Kerberos Service Ticket Operations | Yes Yes | ||
Audit Other Account Logon Events | Yes Yes | ||
Account Management | |||
Audit Application Group Management | |||
Audit Computer Account Management | Yes DC | Yes Yes | |
Audit Distribution Group Management | |||
Audit Other Account Management Events | Yes Yes | Yes Yes | |
Audit Security Group Management | Yes Yes | Yes Yes | |
Audit User Account Management | Yes No | Yes Yes | Yes Yes |
Detailed Tracking | |||
Audit DPAPI Activity | Yes Yes | ||
Audit Process Creation | Yes No | Yes Yes | |
Audit Process Termination | |||
Audit RPC Events | |||
DS Access | |||
Audit Detailed Directory Service Replication | |||
Audit Directory Service Access | DC DC | DC DC | |
Audit Directory Service Changes | DC DC | DC DC | |
Audit Directory Service Replication | |||
Logon and Logoff | |||
Audit Account Lockout | Yes No | Yes No | |
Audit User/Device Claims | |||
Audit IPsec Extended Mode | |||
Audit IPsec Main Mode | IF IF | ||
Audit IPsec Quick Mode | |||
Audit Logoff | Yes No | Yes No | Yes No |
Audit Logon | Yes No | Yes Yes | Yes Yes |
Audit Network Policy Server | Yes Yes | ||
Audit Other Logon/Logoff Events | Yes Yes | ||
Audit Special Logon | Yes No | Yes No | Yes Yes |
Object Access | |||
Audit Application Generated | |||
Audit Certification Services | |||
Audit Detailed File Share | |||
Audit File Share | |||
Audit File System | |||
Audit Filtering Platform Connection | |||
Audit Filtering Platform Packet Drop | |||
Audit Handle Manipulation | |||
Audit Kernel Object | |||
Audit Other Object Access Events | |||
Audit Registry | |||
Audit Removable Storage | |||
Audit SAM | |||
Audit Central Access Policy Staging | |||
Policy Change | |||
Audit Audit Policy Change | Yes No | Yes Yes | Yes Yes |
Audit Authentication Policy Change | Yes No | Yes No | Yes Yes |
Audit Authorization Policy Change | |||
Audit Filtering Platform Policy Change | |||
Audit MPSSVC Rule-Level Policy Change | Yes | ||
Audit Other Policy Change Events | |||
Privilege Use | |||
Audit Non Sensitive Privilege Use | |||
Audit Other Privilege Use Events | |||
Audit Sensitive Privilege Use | |||
System | |||
Audit IPsec Driver | Yes Yes | Yes Yes | |
Audit Other System Events | Yes Yes | ||
Audit Security State Change | Yes No | Yes Yes | Yes Yes |
Audit Security System Extension | Yes Yes | Yes Yes | |
Audit System Integrity | Yes Yes | Yes Yes | Yes Yes |
Global Object Access Auditing | |||
Audit IPsec Driver | |||
Audit Other System Events | |||
Audit Security State Change | |||
Audit Security System Extension | |||
Audit System Integrity |
Notation | Recommendation |
YES | Enable in general scenarios |
NO | Do not enable in general scenarios |
IF | Enable if needed for a specific scenario, or if a role or feature for which auditing is desired is installed on the machine |
DC | Enable on domain controllers |
[Blank] | No recommendation |