Audilitics
Generic filters
Generic filters

Auditing Windows Servers & Clients

Server 2016

← Go back

AID41
Severitymedium
Audit

Windows Server 2016 must be configured to audit DS Access - Directory Service Changes failures.

Guidance

Maintaining an audit trail of system activity logs can help identify configuration errors, troubleshoot service disruptions, and analyze compromises that have occurred, as well as detect attacks. Audit logs are necessary to provide a trail of evidence in case the system or network is compromised. Collecting this data is essential for analyzing the security of information assets and detecting signs of suspicious and unexpected behavior.

Audit Directory Service Changes records events related to changes made to objects in Active Directory Domain Services.

Satisfies: SRG-OS-000327-GPOS-00127, SRG-OS-000458-GPOS-00203, SRG-OS-000463-GPOS-00207, SRG-OS-000468-GPOS-00212

Recommendations

Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> DS Access >> "Directory Service Changes" with "Failure" selected.

NIST SP 800-53

AC-6 (9);AU-12 c

STIGWindows Server 2016 Security Technical Implementation Guide :: Version 1, Release: 13 Benchmark Date: 15 May 2020

This entry has no reviews.

Review this entry

Your email address will not be published. Required fields are marked *

Please provide a rating

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Server 2019
You are not allowed to view this content.
Windows 10
You are not allowed to view this content.
Active Directory
You are not allowed to view this content.
DNS
You are not allowed to view this content.

Pin It on Pinterest