快速入门

架构

架构

活动目录（Active Directory）

活动目录审核

概述
配置AD域和DC
- 自动配置
- 手动配置
配置审核策略
- 自动配置
- 手动配置
配置对象级审核
- 自动配置
- 手动配置
配置事件日志设置
故障排除

ADFS审计

组策略对象审核

Azure AD配置

概述
功能比较：Azure App与M365
在ADAudit Plus中配置Azure AD
- 使用Azure AD Premium许可证
- 使用Microsoft 365许可证
ADAudit Plus的报告功能
- ADAudit Plus与Azure门户
- ADAudit Plus与PowerShell cmdlet的比较
跟踪的事件类别
Azure AD中的日志保留设置
故障排除

Azure AD DS审核

AD CS审核

Windows服务器

Windows服务器审核

可移动存储审核

文件完整性监视

PowerShell审核指南

用户会话录制

概述和步骤

文件服务器

Windows文件服务器审核

EMC服务器审核

EMC Isilon审核

症状学审计

华为OceanStor审计

概述
华为OceanStor V5系列
华为OceanStor 9000 V5
华为OceanStor Dorado All-Flash Storage和OceanStor混合闪存（V6系列）
在ADAudit Plus中添加设备
排除配置
故障排除

NetApp文件管理器审核

NetApp群集审核

日立NAS审计

亚马逊FSx审计指南

QNAP NAS审核指南

Windows工作站审核

事件收集疑难解答

概述
错误和解决方案

迁移

安全

安全规范

安全性强化

安全性强化

产品配置

服务帐户配置

SSL配置

安全日志设置

安全日志设置

Agent配置

单一登录

NTLM身份验证
SAML身份验证

端口

产品和系统端口

2FA配置

虚拟IP地址设置

虚拟IP地址设置

高可用性配置

Configure audit policies in your domain - Manual Process

1. Configure advanced audit policies

Advanced audit policies help administrators exercise granular control over which activities get recorded in the logs, helping reduce event noise. We recommend configuring advanced audit policies on Windows Server 2008 and above.

Log in to any computer that has the Group Policy Management Console (GPMC) with Domain Admin credentials.
Open the GPMC and, based on your setup, right-click Default Domain Controllers Policy or ADAuditPlusMSPolicy or ADAuditPlusWSPolicy, and select Edit.

Note: For the appropriate group policy, refer to the table below:

To enable FIM on	Right-click
Domain controller	Default Domain Controllers Policy GPO
Windows server	ADAuditPlusMSPolicy GPO
Workstation	ADAuditPlusWSPolicy GPO

In the Group Policy Management Editor, go to Computer Configuration > Policies > Windows Settings > Security Settings > Advanced Audit Policy Configuration, and configure the following settings:

Category	Subcategory	Audit events	Purpose
Object Access	Audit File System Audit File Share Audit Handle Manipulation	Success, Failure Success Success, Failure	File share auditing
Policy Change	Audit Policy Change Authorization Policy Change	Success, Failure Success	File permission change auditing

2. Force advanced audit policies

When using advanced audit policies, ensure they are forced over legacy audit policies.

Log in to any computer that has the GPMC with Domain Admin credentials.
Open the GPMC and, based on your setup, right-click Default Domain Controllers Policy or ADAuditPlusMSPolicy or ADAuditPlusWSPolicy, then select Edit.

To enable FIM on	Right-click
Domain controller	Default Domain Controllers Policy GPO
Windows server	ADAuditPlusMSPolicy GPO
Workstation	ADAuditPlusWSPolicy GPO

In the Group Policy Management Editor, go to Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options.
Right-click Audit: Force audit policy subcategory settings from the right pane.
Select Properties, then choose Enabled.

3. Configure legacy audit policies

Due to the unavailability of advanced audit policies in Windows Server 2003 and earlier versions, legacy audit policies need to be configured for these types of servers.

Log in to any computer that has the GPMC with Domain Admin credentials.
Open the GPMC and, based on your setup, right-click Default Domain Controllers Policy or ADAuditPlusMSPolicy or ADAuditPlusWSPolicy, then select Edit.

To enable FIM on	Right-click
Domain controller	Default Domain Controllers Policy GPO
Windows server	ADAuditPlusMSPolicy GPO
Workstation	ADAuditPlusWSPolicy GPO

In the Group Policy Management Editor, go to Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies.
Double-click Audit Policy.
Right-click on the Object Access policy in the right pane.
Select Properties, then check the box next to Success.