Hi,
To comply with PCI DSS I am purchasing something like EventAnalyzer to collate my logs.
However, before I do that I need to make sure all my machines are set up to log correctly.
I have the following in my domain:
1. An SBS 2003 server
2. 4 Windows 2000 servers (2 of them global catalogs)
3. 12 Win XP Pro workstations
4. 3 x Windows 2000 workstations
Am I right in thinking I need to do the following:
a) enable local event auditing for all servers/workstations via Local Security settings/Audit Policy
b) on my Domain Controllers, also enable Audiditing in Domain Controller Security Policy
c) within Active Directory, set auditing via group policy for the domain or OU
d) if I then want to track access to a certain file or folder then I have to do this locally via Explorer and setting the audit settings on the Security tab.
Is all this correct?
Thanks
Dan
To comply with PCI DSS I am purchasing something like EventAnalyzer to collate my logs.
However, before I do that I need to make sure all my machines are set up to log correctly.
I have the following in my domain:
1. An SBS 2003 server
2. 4 Windows 2000 servers (2 of them global catalogs)
3. 12 Win XP Pro workstations
4. 3 x Windows 2000 workstations
Am I right in thinking I need to do the following:
a) enable local event auditing for all servers/workstations via Local Security settings/Audit Policy
b) on my Domain Controllers, also enable Audiditing in Domain Controller Security Policy
c) within Active Directory, set auditing via group policy for the domain or OU
d) if I then want to track access to a certain file or folder then I have to do this locally via Explorer and setting the audit settings on the Security tab.
Is all this correct?
Thanks
Dan
