What This Document Is
This document is a practical audit of common security threats within a Windows Server 2016 environment, specifically focusing on configuring audit policies using Group Policy Management. It details the process of accessing and modifying these policies to track system events and account activity. The document is presented as a series of screenshots and observations from a hands-on exercise.
Why This Document Matters
This resource is valuable for system administrators and IT professionals responsible for maintaining the security and integrity of Windows Server networks. It’s relevant during security hardening procedures, compliance audits, or when investigating potential security incidents. Understanding how to configure audit policies is crucial for identifying and responding to threats effectively. This appears to be a student assignment completed for an ITT-121 System Administration and Maintenance course at Grand Canyon University.
Common Limitations or Challenges
This document provides a focused walkthrough of *how to access* audit policy settings. It does not offer a comprehensive overview of all possible audit settings, threat modeling, or best practices for interpreting audit logs. It also doesn’t cover the broader context of security information and event management (SIEM) systems or advanced security monitoring techniques. It is a specific, limited demonstration.
What This Document Provides
This document includes:
* Step-by-step screenshots illustrating how to open Group Policy Management in Server Manager.
* Visual guidance on navigating to the Audit Policy settings within the Group Policy Management Editor.
* Images showing the available audit categories (e.g., Account Logon, System Events).
* Demonstration of how to enable audit policies and define which events to track.
* Instructions on accessing audit logs through the Event Viewer.
This preview does *not* include detailed explanations of each audit policy setting, recommendations for specific configurations, or analysis of audit log data. It does not provide a complete security audit plan.