Executive Summary:
Per-user auditing, which is available in Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP SP2, enables you to define inclusion and exclusion exceptions to the Windows audit policy. You can configure per-user auditing by using the auditusr.exe and auditpol.exe tools. You can restrict which computers a user can log on to in the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in. The CustomSD registry value controls which users get what level of access (i.e., read access, write access, clear access) to the Windows Security event log.
|