Data Network Resource
       Earn on the Web

21. Auditing


Back to Contents

Audit policies are set up computer by computer. You must be able to log on to the computer before setting the policy. The audit policy is defined in User Manager for Domains, selecting Audit on the Policies menu gives you the following events that you can tick for success or failure:

  • Logon and Logoff
  • File and Object Access - a directory, file or printer.
  • Use of User Rights
  • User and Group Management - modifications to accounts.
  • Security Policy Changes - changes made to user rights, audit or trust relationships.
  • Restart, Shutdown and System - includes effects on the security log.
  • Process Tracking

To audit files and directories you select the Security tab in the Properties of the file or directory. If you click on Auditing you can audit on the following events:

  • Read
  • Write
  • Execute
  • Delete
  • Change Permissions
  • Take Ownership

You can select whether to have auditing on files in subdirectories as well, or just the files in the given directory. Auditing the Everyone Group is a good idea as you can track anyone who connects.

Auditing a printer is also done by selecting the Security tab in the Properties of the printer and clicking Auditing. The events that can be audited for the selected group are:

  • Print
  • Full Control - changes to job settings, moving documents etc.
  • Delete - deletion of print jobs
  • Change Permissions
  • Take Ownership

The Event Viewer allows you to view the following logs:

  • System Log - Windows NT errors, warnings and information set by NT itself.
  • Security Log - results of your audit policy.
  • Application Log - Program errors, warnings or information, set by the programmer.

In order to view the Security log you need to select Event Viewer in Administrative Tools. Once you have done this, select the Log menu and pick Security. The key symbol indicates a success, a lock symbol indicates a failure and the category tells you the type of event defined in your audit policy. You can look at the security log on another computer by selecting the computer in the log menu.

In Event Viewer, selecting Filter Events in the View menu allows you to decide which events to look at, based on time, type, source, category, user, computer, ID or description.

Archiving the Event logs is a good way to track trends. You save the log by clicking on Save As in the log menu of Event Viewer. In the Event Log Settings log files (*.evt files) can be set to between 64K and 4,194,240K (default is 512K). You can also decide how to overwrite events, manually, as needed or of a certain age.

Windows NT Diagnostics (Winmsd.exe) in Administrative Tools allows you to look at Services, Resources, Environment, Network, Version, System, Display, Drives and Memory, although they are only a read only display.

Performance Monitor is used to gauge a computer's performance. It is launched from the Administrative Tools menu and it manages the following objects:

  • Cache
  • LogicalDisk
  • Memory
  • Objects
  • Paging File
  • PhysicalDisk
  • Process
  • Processor
  • Redirector
  • Server
  • System
  • Thread

The counter Processor: % Processor Time shows processor activity. Consistent usage above 80% indicates that the processor is a bottleneck.

The counter Processor: Interrupts/Sec measures the rate of service requests from I/O devices. If this increases without a corresponding increase in system activity, then there may be a hardware fault.

The counter System: Processor Queue Length shows the number of threads. If the queue length is consistently greater than 2, there may be a processor over load.

Sustained hard page faults indicates that there is a memory bottleneck. This is because data that a program needs is not in physical memory and has to be retrieved from the page file. The counters for memory are Pages/sec, Available bytes, Committed Bytes and Pool Nonpaged Bytes.

Pressing Ctrl & H highlights the graph line.

Network Monitor is installed via the Network program and is accessed from the Administrative Tools menu. It is a cut down version from the one you can obtain from SMS. It only captures frames sent to and from the computer. The four main sections are the Graph, the Session statistics, the Total statistics and the station statistics.

Go to 22. Monitoring Resources on the Network

Home

Valid HTML 4.01 Transitional

Disclaimer



Earn on the Web    


All rights reserved. All trademarks, logos, and copyrights are property of their respective owners.