Windows Group Policy
is a powerful collection of configuration elements, and it can roll
nicely into the security configurations that organizations of
various types require. One Group Policy configuration that may be useful
is the User Account Management audit policy. This policy audits user
account events, including objects being changed, created, deleted,
renamed, enabled, and disabled, as well as password changes, permission
assignment changes, and other actions.
You can get to this setting by going to Computer Configuration |
Windows Settings | Advanced Audit Policy Configuration | Account
Management | User Account Management. The policy is shown in Figure A.
Figure A
Once you enable this configuration, relevant events are passed into the Windows Security log for user account objects.
Let’s go through a quick example with this audit configuration in
place. On a test server, I performed two actions that each cause an audit
event: I enabled the guest account, and then I changed the password for
that account. Once those two tasks were done, these events were logged
in the Security log on the local server. Figure B shows the password event being logged.
Figure B
This audit configuration can be managed centrally with Group Policy
and configured for event forwarding. This auditing can be beneficial for
monitoring change records for selected accounts.
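To confirm the policy is in effect and to list the account events from the walkthrough above without opening Event Viewer, the following PowerShell can be run from an elevated session on the audited machine. It is an added example, not part of the original article; the event IDs are the standard Windows Security log IDs for this subcategory (the article does not list them), and the 24-hour window is an arbitrary choice.

```powershell
# Added example. Requires an elevated session (reading the Security log needs admin rights).
# Standard Security log event IDs written by the User Account Management subcategory.
$ids = @{
    4720 = 'User account created'
    4722 = 'User account enabled'
    4723 = 'Password change attempted'
    4724 = 'Password reset attempted'
    4725 = 'User account disabled'
    4726 = 'User account deleted'
    4738 = 'User account changed'
    4781 = 'Account name changed'
}

# Show the effective setting (Success, Failure, Success and Failure, or No Auditing).
auditpol /get /subcategory:"User Account Management"

# Pull matching events from the last 24 hours (window is an assumption; adjust as needed).
$filter = @{
    LogName   = 'Security'
    Id        = [int[]]$ids.Keys
    StartTime = (Get-Date).AddDays(-1)
}
# Get-WinEvent raises an error when nothing matches, so suppress it and get an empty result.
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$report = foreach ($e in $events) {
    # Named EventData fields are only reachable through the event XML.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    # Rename events (4781) carry NewTargetUserName instead of TargetUserName.
    $target = if ($data.TargetUserName) { $data.TargetUserName } else { $data.NewTargetUserName }

    [pscustomobject]@{
        TimeCreated = $e.TimeCreated
        EventId     = $e.Id
        Action      = $ids[$e.Id]
        Target      = '{0}\{1}' -f $data.TargetDomainName, $target
        ChangedBy   = '{0}\{1}' -f $data.SubjectDomainName, $data.SubjectUserName
    }
}

$report | Sort-Object TimeCreated | Format-Table -AutoSize
```

An empty table while `auditpol` reports "No Auditing" means the Group Policy setting has not yet applied to the machine.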
http://blogs.techrepublic.com.com/datacenter/?p=1262&tag=nl.e040