Kaspersky Next XDR Expert
1.1.9

Contents

Configuring audit settings for managing KUMA

You can configure event audit on Windows devices both on a specific device using a local policy or on all devices in a domain using a group policy.

This section describes how to configure an audit on an individual device and how to use a domain group policy to configure an audit.

In this section

Configuring an audit using a local policy

Configuring an audit using a group policy
Page top
[Topic 264793]

Configuring an audit using a local policy

To configure an audit using a local policy:

  1. Open the Run window by pressing the key combination Win+R.
  2. In the opened window, type secpol.msc and click OK.

    The Local security policy window opens.

  3. Select Security SettingsLocal policiesAudit policy.
  4. In the pane on the right, double-click to open the properties of the policy for which you want to enable an audit of successful and unsuccessful attempts.
  5. In the <Policy name> properties window, on the Local security setting tab, select the Success and Failure check boxes to track successful and interrupted attempts.

    It is recommended to enable an audit of successful and unsuccessful attempts for the following policies:

    • Audit Logon
    • Audit Policy Change
    • Audit System Events
    • Audit Logon Events
    • Audit Account Management

Configuration of an audit policy on the device is complete.

Page top
[Topic 264795]

Configuring an audit using a group policy

In addition to configuring an audit on an individual device, you can also configure an audit by using a domain group policy.

To configure an audit using a group policy:

  1. Open the Run window by pressing the key combination Win+R.
  2. In the opened window, type gpedit.msc and click OK.

    The Local Group Policy Editor window opens.

  3. Select Computer configurationWindows configurationSecurity settingsLocal policiesAudit policy.
  4. In the pane on the right, double-click to open the properties of the policy for which you want to enable an audit of successful and unsuccessful attempts.
  5. In the <Policy name> properties window, on the Local security setting tab, select the Success and Failure check boxes to track successful and interrupted attempts.

    It is recommended to enable an audit of successful and unsuccessful attempts for the following policies:

    • Audit Logon
    • Audit Policy Change
    • Audit System Events
    • Audit Logon Events
    • Audit Account Management

The audit policy is now configured on the server or workstation.

Page top
[Topic 264810]