Configuring Hyper-V auditing
You have seen in the previous recipes how to protect your physical and virtual servers with Windows Updates, an antivirus, access control, and so on. However, a key factor needs to be considered to address security concerns when they happen, to track unsolicited access or unauthorized actions on your system, or to simply monitor when and how the Hyper-V administrators are managing it.
The best way to get these results is by setting an audit. By default, all Hyper-V events are logged in Event Viewer and can be used to diagnose a problem or track what has been done by the other Hyper-V admins.
You can also see all Hyper-V roles and authorization rights changes with Audit File System, which is not enabled by default.
This recipe will explain and show how to use the existing event logs as well as showing you how to enable Audit File System.
How to do it...
The following steps will demonstrate how to use the default data in Event Viewer to audit Hyper-V changes and how...
