Value of Auditing Workstations

Written by on Wednesday, March 5, 2008 5:56 - 0 Comments

Why you might consider enabling auditing on workstations…
Most admins only audit events taking place on servers, not workstations. The simple reason is that there are usually few servers but many workstations, plus servers are more valuable than workstations, which you can blow away and re-image in a pinch.

It can be a good idea however to enable certain types of auditing on Windows workstations. For example, you might consider enabling logon/logoff auditing and process tracking on workstations to keep track of which users use the workstation and what processes are executed on it. But why would you do this if you don’t have the time to regularly collect workstation security logs and review them?

Well, consider if a user is suspected of doing something bad like trying to hack into you servers from inside the network. If an investigation is initiated, security logs containing such audit information could be extremely valuable in either convicting the user of an offense or clearning his name. So even if you don’t review such audit logs regularly, they can still be useful. ')}

Article written by

Leave a Reply

You must be logged in to post a comment.

2003 server - Sep 30, 2008 22:34 - 0 Comments

instant messaging srv records

More In Computers & PC

Microsoft Outlook - Mar 22, 2009 11:22 - 0 Comments

Outlook: Duplicates in Mailbox

More In Computers & PC