Using Advanced Security Auditing Options to Monitor Dynamic Access Control Objects
Applies To: Windows 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 8
This guide explains the process of setting up advanced security auditing capabilities that are made possible through settings and events that were introduced in Windows 8 and Windows Server 2012.
These procedures can be deployed with the advanced security auditing capabilities described in the following documents:
Note
These auditing policies use the settings and events that were introduced in Windows 8 and Windows Server 2012. The contents of this guide apply to the list of supported Windows operating systems designated in the Applies To list at the beginning of this topic.
In this guide
Domain administrators can create and deploy expression-based security audit policies by using file classification information (resource attributes), user claims, and device claims to target specific users and resources to monitor potentially significant activities on one or more computers. These policies can be deployed centrally by using Group Policy, or directly on a computer, in a folder, or in individual files.
The procedures in this document describe how to:
Monitor the Central Access Policies that Apply on a File Server
Monitor the Central Access Policies Associated with Files and Folders
Monitor the Use of Removable Storage Devices
Important
This procedure can be configured on computers running any of the supported Windows operating systems. The other monitoring procedures can be configured only as part of a functioning Dynamic Access Control deployment. If you have not yet deployed Dynamic Access Control in your network, see Deploy a Central Access Policy (Demonstration Steps).