Auditing
In Windows Server, some of the auditing capabilities are enabled by default, and some are available for you to configure, based on your requirements. These options can be configured using GPOs. In this section, you will see how these auditing options can be configured and how you can forward all these alerts into a centralized location.
Default auditing policies
There are two sets of policies available in Windows Server 2012 to support auditing capabilities—Basic Auditing Policy and Advanced Auditing Policy. The Basic Auditing Policy contains nine basic auditing tasks. These polices are located in the Computer Configuration | Policies | Windows Settings | Security Settings | Local Policies | Audit Policies section in GPO. The Advanced Auditing Policy contains 10 different categories and contains 58 granular settings for each category. These policies are located at Computer Configuration | Policies | Windows Settings | Security Settings | Advanced Audit Policy Configuration | Audit...