Windows supports auditing of various account- and system-related events, which can be invaluable when troubleshooting a security incident. You can enable auditing of nine different types of access on a local server. You can also configure these settings via an Active Directory group policy, which overrides any local settings that you’ve defined. After auditing has been configured, audit messages are created in the Security event log.

(more…)

After you enable auditing on a DHCP Server, all DHCP requests, database maintenance events, and various errors will be logged to a file. By default, a separate file is generated for each day of the week and stored in %SystemRoot%\system32\dhcp. The files are named DhcpSrvLog-xxx.log where xxx is the day of the week (e.g., DhcpSrvLog-Mon.log). After the first week, the previous week’s file is overwritten.

(more…)