You are a systems administrator for your company. The company’s network consists of a single Active Directory domain. You install Windows Essential Business Server (EBS) 2008 on the network. The servers on the network run Windows Server 2008, and all client computers run Windows Vista.
You recently discovered that some network users are modifying the registry settings on their computers. You want to configure a Group Policy Object (GPO) to track registry changes on all client computers.
What should you do?
A.
Enable the Audit process tracking group policy setting to audit both successful and unsuccessful events for the Everyone group.
B.
Enable the Audit system events group policy setting to audit both successful and unsuccessful events for the Everyone group.
C.
Enable the Audit object access group policy setting to audit both successful and unsuccessful events for the Everyone group.
D.
Enable the Audit privilege use group policy setting to audit both successful and unsuccessful events for the Everyone group.
Explanation:
Enable the Audit object access group policy setting to audit both successful and unsuccessful events for the Everyone group.You should enable the Audit object access group policy setting for the Everyone group to achieve objective in this scenario. Enabling the Audit object access policy to audit both successful and unsuccessful events allows you to audit each user attempt to access an object. Objects include files, folders, printers, registry keys, and Active Directory objects. To access Group Policy and configure the Audit object access policy, you should perform the following steps:
1. Open the Windows EBS Administration Console by clicking Start > All Programs > Windows Essential Business Server.
2. Click the Users and Groups tab, and then click the Group Management option.
3. In the tasks pane, click the Start Group Policy Management Console option.
4. Under the Group Policy menu, scroll down to the following node: Computer ConfigurationSecurity SettingsLocal PoliciesAudit Policy.
5. In the right pane, right-click the Audit object access policy setting and click the Properties option.
6. In the Audit Object Access Properties dialog box, select the Success and Failure audit events.You should not enable the Audit process tracking group policy setting to audit both successful and unsuccessful events for the Everyone group. The Audit process tracking policy setting allows you to audit only those events related to processes on the computer, such as program activation, process exit, handle duplication, and indirect object access.
You should not enable the Audit system events group policy setting to audit both successful and unsuccessful events for the Everyone group. The Audit system events policy setting allows you to audit only those events related to a computer restart or shutdown.
You should not enable the Audit privilege use group policy setting to audit both successful and unsuccessful events for the Everyone group. The Audit privilege use policy setting allows you to audit events related to a user performing a task controlled by a User Rights Assignment in Group Policy.