deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-22 22:03:46 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

fixing merge conflicts

Browse Source
This commit is contained in:
Brian Lich
2016-06-02 15:19:58 -07:00
parent 41aa33c7c2 6db675a76f
commit 5e5d121d83
527 changed files with 31450 additions and 1691 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
windows/keep-secure/audit-directory-service-access.md
View File

@ -1,34 +1,40 @@
---
title: Audit Directory Service Access (Windows 10)
description: This topic for the IT professional describes the advanced security audit policy setting, Audit Directory Service Access, which determines whether the operating system generates audit events when an Active Directory Domain Services (AD DS) object is accessed.
description: This topic for the IT professional describes the advanced security audit policy setting, Audit Directory Service Access, which determines whether the operating system generates audit events when an Active Directory Domain Services (ADÂ DS) object is accessed.
ms.assetid: ba2562ba-4282-4588-b87c-a3fcb771c7d0
<<<<<<< HEAD
ms.prod: w10
=======
ms.pagetype: security
ms.prod: W10
>>>>>>> secaudit
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: brianlic-msft
author: Mir0sh
---
# Audit Directory Service Access
**Applies to**
- Windows 10
- Windows 10
- Windows Server 2016
This topic for the IT professional describes the advanced security audit policy setting, **Audit Directory Service Access**, which determines whether the operating system generates audit events when an Active Directory Domain Services (AD DS) object is accessed.
These events are similar to the Directory Service Access events in previous versions of the Windows Server operating systems.
> **Important:**  Audit events are generated only on objects with configured system access control lists (SACLs), and only when they are accessed in a manner that matches the SACL settings.
 
Event volume: High on servers running AD DS role services; none on client computers
Audit Directory Service Access determines whether the operating system generates audit events when an Active Directory Domain Services (AD DS) object is accessed.
Default: Not configured
**Event volume**: High on servers running AD DS role services.
| Event ID | Event message |
| - | - |
| 4662 | An operation was performed on an object. |
 
## Related topics
This subcategory allows you to audit when an Active Directory Domain Services (AD DS) object is accessed. It also generates Failure events if access was not granted.
| Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments |
|-------------------|-----------------|-----------------|------------------|------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Domain Controller | No | Yes | No | Yes | It is better to track changes to Active Directory objects through the [Audit Directory Service Changes](audit-directory-service-changes.md) subcategory. However, [Audit Directory Service Changes](audit-directory-service-changes.md) doesnt give you information about failed access attempts, so we recommend Failure auditing in this subcategory to track failed access attempts to Active Directory objects.<br>For recommendations for using and analyzing the collected information, see the ***Security Monitoring Recommendations*** sections. Also, develop an Active Directory auditing policy ([SACL](https://msdn.microsoft.com/en-us/library/windows/desktop/aa374872(v=vs.85).aspx) design for specific classes, operation types which need to be monitored for specific Organizational Units, and so on) so you can audit only the access attempts that are made to specific important objects. |
| Member Server | No | No | No | No | This subcategory makes sense only on domain controllers. |
| Workstation | No | No | No | No | This subcategory makes sense only on domain controllers. |
**Events List:**
- [4662](event-4662.md)(S, F): An operation was performed on an object.
- [4661](event-4661.md)(S, F): A handle to an object was requested.
- [Advanced security audit policy settings](advanced-security-audit-policy-settings.md)