Merge pull request #1951 from MicrosoftDocs/Kellylorenebaker-patch-7

Edit pass: monitor-the-central-access-policies-that-apply-on-a-file-s…
Kelly Baker 2020-02-05 17:27:52 -08:00 committed by GitHub
commit b0abaa735c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -1,6 +1,6 @@
---
title: Monitor central access policies on a file server (Windows 10)
description: Learn how to monitor changes to the central access policies that apply to a file server, when using advanced security auditing options.
description: Learn how to monitor changes to the central access policies that apply to a file server when using advanced security auditing options.
ms.assetid: 126b051e-c20d-41f1-b42f-6cff24dcf20c
ms.reviewer:
ms.author: dansimp
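Review bot: The front matter's ms.date is left at 04/19/2017 (it shows as unchanged context in the next hunk header) although this commit rewrites the description here and most of the article body. If the repository's convention is to refresh ms.date on content edits, update it in this same commit so the published page does not look untouched since 2017. The comma removal in the description itself reads fine.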
@ -22,40 +22,42 @@ ms.date: 04/19/2017
**Applies to**
- Windows 10
This topic for the IT professional describes how to monitor changes to the central access policies that apply to a file server when using advanced security auditing options to monitor dynamic access control objects. Central access policies are created on a domain controller and then applied to file servers through Group Policy management.
This article describes how to monitor changes to the central access policies (CAPs) that apply to a file server when using advanced security auditing options to monitor dynamic access control objects. CAPs are created on a domain controller and then applied to file servers through Group Policy management.
Use the following procedures to configure and verify security auditing settings that are used to monitor changes to the set of central access policies on a file server. The following procedures assume that you have configured and deployed dynamic access control, including central access policies, and claims in your network. If you have not yet deployed dynamic access control in your network, see [Deploy a Central Access Policy (Demonstration Steps)](https://technet.microsoft.com/library/hh846167.aspx).
Use the following procedures to configure and verify security auditing settings that are used to monitor changes to the set of CAPs on a file server. The following procedures assume that you have configured and deployed dynamic access control, including CAPs and claims, in your network. If you have not yet deployed dynamic access control in your network, see [Deploy a Central Access Policy (Demonstration Steps)](https://technet.microsoft.com/library/hh846167.aspx).
**To configure settings to monitor changes to central access policies**
1. Sign in to your domain controller by using domain administrator credentials.
2. In Server Manager, point to **Tools**, and then click **Group Policy Management**.
3. In the console tree, right-click the flexible access Group Policy Object, and then click **Edit**.
4. Double-click **Computer Configuration**, double-click **Security Settings**, double-click **Advanced Audit Policy Configuration**, double-click **Policy Change**, and then double-click **Other Policy Change Events**.
2. In Server Manager, point to **Tools**, and then select **Group Policy Management**.
3. In the console tree, select the flexible access Group Policy Object, and then select **Edit**.
4. Select **Computer Configuration** > **Security Settings** > **Advanced Audit Policy Configuration** > **Policy Change** > **Other Policy Change Events**.
>**Note:**  This policy setting monitors policy changes that might not be captured otherwise, such as central access policy changes or trusted platform module configuration changes.
> [!NOTE]
> This policy setting monitors policy changes that might not be captured otherwise, such as CAP changes or trusted platform module configuration changes.
 
5. Select the **Configure the following audit events** check box, select the **Success** check box (and the **Failure** check box, if desired), and then click **OK**.
5. Select the **Configure the following audit events** check box, select the **Success** check box (and the **Failure** check box, if desired), and then select **OK**.
After you modify the central access policies on the domain controller, verify that the changes have been applied to the file server and that the proper events are logged.
After you modify the CAPs on the domain controller, verify that the changes have been applied to the file server and that the proper events are logged.
**To verify changes to the central access policies**
1. Sign in to your domain controller by using domain administrator credentials.
2. Open the Group Policy Management Console.
3. Right-click **Default domain policy**, and then click **Edit**.
4. Double-click **Computer Configuration**, double-click **Policies**, and then double-click **Windows Settings**.
5. Double-click **Security Settings**, right-click **File system**, and then click **Manage CAPs**.
6. In the wizard that appears, follow the instructions to add a new central access policy (CAP), and then click **OK**.
7. Use local administrator credentials to sign in to the server that hosts resources that are subject to the central access policies you changed.
8. Press the Windows key + R, then type **cmd** to open a Command Prompt window.
3. Select **Default domain policy**, and then select **Edit**.
4. Select **Computer Configuration** > **Policies**, and then select **Windows Settings**.
5. Select **Security Settings** > **File system**, and then select **Manage CAPs**.
6. In the wizard that appears, follow the instructions to add a new CAP, and then select **OK**.
7. Use local administrator credentials to sign in to the server that hosts resources that are subject to the CAPs you changed.
8. Select the Windows logo key+R, and then type **cmd** to open a command prompt window.
>**Note:**  If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click **Yes**.
> [!NOTE]
> If the **User Account Control** dialog box appears, confirm that the action it displays is what you want, and then select **Yes**.
 
9. Type **gpupdate /force**, and press ENTER.
10. In Server Manager, click **Tools**, and then click **Event Viewer**.
11. Expand **Windows Logs**, and then click **Security**. Verify that event 4819 appears in the security log.
9. Type **gpupdate /force**, and then select the Enter key.
10. In Server Manager, select **Tools**, and then select **Event Viewer**.
11. Expand **Windows Logs**, and then select **Security**. Verify that event 4819 appears in the security log.
## Related resource
## Related resources
- [Using advanced security auditing options to monitor dynamic access control objects](using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md)
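Review bot: Replacing "right-click" with "select" in step 3 of both procedures and in step 5 of the verification procedure changes the instruction rather than just its wording. The old text sent the reader to the context menu of the Group Policy Object (and of **File system**) to find **Edit** and **Manage CAPs**, while "select the flexible access Group Policy Object, and then select **Edit**" no longer says where that command appears. Keep "right-click" for those three steps, or name the menu the command is on. Two smaller points in the same hunk: step 4 of the first procedure goes straight from **Computer Configuration** to **Security Settings**, while steps 4 and 5 of the verification procedure reach **Security Settings** through **Policies** and **Windows Settings**, so the two paths should be made consistent while these lines are being touched. Also, "Select the Windows logo key+R" and "select the Enter key" read oddly for keystrokes, where "press" is the clearer verb. Finally, the heading becomes "Related resources" with a single link under it, and step 11 still gives only the bare ID 4819, so consider adding the event's name so that readers can confirm they are looking at the right entry in the security log.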