Enabling security audit policies

An important part of any security plan is the ability to monitor and audit events on your network. These event logs are frequently referenced to identify security holes or breaches. Identifying attempts and preventing them from becoming successful breaches of your system security is critical. In Windows, you can use Group Policies to set up an audit policy that can track user activities or system events in specific logs.

To keep track of your system auditing policy, GFI LanGuard collects the security audit policy settings from target computers and includes them in the scan result. To access more information on the result click on Security Audit Policy sub–node.

Apart from gaining knowledge on the current audit policy settings, you can also use GFI LanGuard to access and modify the audit policy settings of your target computers. To achieve this:

1. After scanning a remote computer, from the Scan Results Overview panel, right–click on the respective target computer and select Enable auditing on > This computer/Selected computers/All computers.

The audit policy administration wizard

The audit policy administration wizard

2. Select/unselect auditing policies accordingly, and click Next to deploy the audit policy configuration settings, on the target computer(s).

3. At this stage, a dialog will show whether the deployment of audit policy settings was successful or not. To proceed to the next stage click Next. Click Back to re–deploy settings on failed computers.

4. Click Finish to finalize configuration. Restart a scan to update results.