Event logging is the core tracking mechanism for accountability. It should be configured at the
domain policy level and not at the local policy level. For filers, audit should be set to success and
failure for object access and success and failure for policy change. If additional auditing is turned
on, extra events that do not pertain to accountability will be recorded.
Once auditing is turned on at the server and configured at the domain level, the objects or
resources can be successfully tracked. The audit tab on the advanced security settings for the
resource should audit for the two groups who do not need access on a regular basis: the administrators
and the antigroup. Keep in mind, the antigroup is everyone who does not have permission.
The antigroup was defined by the accounts domain administrator at the universal group level by
adding the global groups who do not need access to the resources of the department. If the permissions
administrator failed to set the deny all permission and did set the audit for both success
and failure, the inappropriate access would still be logged. This is possible only for the antigroup
and not the built-in "everyone group." The "everyone group" includes everyone who has access
to the network, which includes the people with permissions. If everyone is audited, both inappropriate
access and correct access will be logged. The goal is to log only inappropriate access.
The administrator must see both success and failure audit events for resource access by the
antigroup.
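The audit-tab settings described above can also be applied and checked from PowerShell. The following is an added example, not part of the original text; the folder path, the antigroup name and the use of the built-in Administrators group for "the administrators" are assumptions to replace with your own values.

```powershell
# Added example: audit only the antigroup and the administrators on a resource.
# Run elevated; changing a SACL requires the "Manage auditing and security log" right.

# Assumed values, not from the original text
$Path    = 'D:\Shares\Finance'              # hypothetical department resource
$Audited = @('CORP\Finance-AntiGroup',      # hypothetical universal antigroup
             'BUILTIN\Administrators')      # assumed administrators group

# -Audit loads the SACL (audit entries) along with the rest of the descriptor
$acl = Get-Acl -Path $Path -Audit

# Drop any explicit audit entry for Everyone (well-known SID S-1-1-0):
# auditing Everyone would log correct access as well as inappropriate access
$everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')
$acl.PurgeAuditRules($everyone)

foreach ($name in $Audited) {
    # Success and Failure, so access is logged even if the deny permission was missed
    $rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
        $name,
        [System.Security.AccessControl.FileSystemRights]::FullControl,
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AuditFlags]'Success, Failure')
    $acl.AddAuditRule($rule)
}

Set-Acl -Path $Path -AclObject $acl

# Check: list the explicit audit entries and flag any that still name Everyone
$rules = (Get-Acl -Path $Path -Audit).GetAuditRules(
    $true, $false, [System.Security.Principal.SecurityIdentifier])

foreach ($r in $rules) {
    $account = $r.IdentityReference.Translate([System.Security.Principal.NTAccount])
    $flag    = if ($r.IdentityReference.Value -eq 'S-1-1-0') { 'REVIEW' } else { 'ok' }
    '{0,-7} {1,-35} {2}' -f $flag, $account, $r.AuditFlags
}
```

These entries only produce events once object access auditing for success and failure is in effect on the server through the domain policy.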