Featured Article — Windows Professional

Auditing registry keys

Auditing in Windows 2000 Professional enables you to track certain events. For example, auditing logon events lets you keep track of when users log on and, sometimes more important, when failed logon attempts occur, which can indicate an attempted security breach.

You can audit many different types of events in Windows 2000. One you might consider auditing, if you’re concerned that someone (or an application) is modifying the registry without your knowledge, is registry access. You can track when registry values or subkeys are created or modified, as well as other registry events.

To audit registry keys, you first need to enable object access auditing through group policy or local policy. To enable auditing at the local policy level, follow these steps:

1. Add the Group Policy snap-in to an MMC console focused on the local policy. (Or, simply run GPEDIT.MSC from a command line.)

2. Expand the Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy branch.

3. Double-click Audit Object Access and enable the policy for Success and Failure.

4. Close the policy editor.

After enabling object access auditing, you can configure the permissions for individual registry keys to audit them. Follow these steps to configure the registry keys:

5. Open REGEDT32, then locate and select the registry key you want to audit.

6. Choose Security | Permissions to open the Permissions dialog box, then click Advanced.

7. Click the Auditing tab, click Add, and add the security object for which you want to audit registry access. For example, select a group or individual account that you want to monitor for registry access.

8. In the Auditing Entry dialog box, place a check in the Success and/or Failure check boxes for the access events you want to audit. Then click OK.

9. Close the remaining dialog boxes and the Registry Editor.

When you want to disable registry auditing, change the permissions on the key to remove the auditing settings or simply disable object access auditing in the local or group policy.
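
The same procedure can be scripted on later Windows versions. The following is an added example, not part of the original article: it assumes a system that ships PowerShell 3 or later and auditpol.exe (neither is one of the Windows 2000 tools described above) and an elevated prompt. The function name, key path and account are hypothetical sample values.

```powershell
# Added example: scripted equivalent of steps 1-9 plus removal of the audit entry.
# Assumes PowerShell 3+ and auditpol.exe; run elevated.

function Set-RegistryKeyAudit {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$KeyPath,    # e.g. 'HKLM:\SOFTWARE\ExampleApp'
        [Parameter(Mandatory)][string]$Identity,   # account or group to monitor
        [switch]$Remove                            # remove the audit entry instead
    )
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        throw "Registry key not found: $KeyPath"
    }

    # Steps 7-8: audit value writes, subkey creation and deletion, Success and Failure.
    $rights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete'
    $rule = New-Object System.Security.AccessControl.RegistryAuditRule(
        $Identity,
        $rights,
        [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AuditFlags]'Success, Failure')

    # -Audit is required, otherwise Get-Acl does not return the auditing entries.
    $acl = Get-Acl -LiteralPath $KeyPath -Audit
    if ($Remove) { $acl.RemoveAuditRuleSpecific($rule) } else { $acl.AddAuditRule($rule) }
    Set-Acl -LiteralPath $KeyPath -AclObject $acl

    # Read the entries back so the change can be verified.
    (Get-Acl -LiteralPath $KeyPath -Audit).GetAuditRules(
        $true, $true, [System.Security.Principal.NTAccount])
}

# Steps 1-4: enable object access auditing. The example limits it to the Registry
# subcategory to keep event volume down; the subcategory name is localized.
auditpol.exe /set /subcategory:"Registry" /success:enable /failure:enable | Out-Null

# Steps 5-9 on a sample key and group (both hypothetical).
Set-RegistryKeyAudit -KeyPath 'HKLM:\SOFTWARE\ExampleApp' -Identity 'BUILTIN\Users' |
    Format-Table IdentityReference, RegistryRights, AuditFlags, IsInherited -AutoSize

# To stop auditing the key later:
# Set-RegistryKeyAudit -KeyPath 'HKLM:\SOFTWARE\ExampleApp' -Identity 'BUILTIN\Users' -Remove
```

The resulting audit events are written to the Security event log.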
