Controlling audit trail events

By default, audit trail events are recorded when users log on, open applications, select roles that elevate their privileges, and perform other tasks. You can use domain group policies to control the global location of the audit trail events. For example, to make audit trail events available for querying and reports, store them in the audit store database instead of the Windows event Application log.

You can also override domain group policy and configure local or category-specific audit trail targets using a local administrative template or group policy.

To configure global or per-category audit trail targets using an ADM administrative template:

Note: These settings override the settings defined in the Set global audit trail targets group policy.

  1. Open the Group Policy Object Editor to display Local Computer Policy, and select Computer Configuration > Administrative Templates.
  2. Right-click, select Add/Remove Templates, then click Add.
  3. Navigate to the AuditManager folder, select auditrail.adm, click OK, then click Close.
  4. Open the Classic Administrative Templates folder and select AuditTrail.
  5. Specify global or separate targets for audit trail events:
    • Enable Set global audit trail target settings to configure a single location for audit trail events for Access Manager and the Centrify agents.

    • If you want to have separate targets for audit trail events, you can enable the other audit trail group policies to override the global policy setting with a different target.

  6. Specify the location for saving audit trail events, and then click OK:
    • 0 to disable audit trail events

    • 1 to store audit trail events in the audit store

    • 2 to send audit trail events to the Windows event Application log

    • 3 to send audit trail events to both the audit store and the Application log.
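
The target values in step 6 combine as flags (1 for the audit store, 2 for the Application log, 3 for both), and a per-category setting replaces the global one. The following is an added example, not Centrify code, that resolves the effective target for each category and lists the categories whose events are dropped or never reach the audit store. The category names and sample settings are constructed for illustration.

```python
from enum import IntFlag


class Target(IntFlag):
    """Target values from step 6; 3 is AUDIT_STORE and APPLICATION_LOG combined."""
    DISABLED = 0
    AUDIT_STORE = 1
    APPLICATION_LOG = 2


def effective_targets(global_target, overrides, categories):
    """Resolve each category's target: a per-category value replaces the global one."""
    result = {}
    for cat in categories:
        value = overrides.get(cat, global_target)
        if value not in (0, 1, 2, 3):
            raise ValueError(f"{cat}: target {value!r} is not one of 0, 1, 2, 3")
        result[cat] = Target(value)
    return result


def audit_gaps(effective):
    """Return (category, reason) for categories that are disabled or not queryable."""
    gaps = []
    for cat, target in sorted(effective.items()):
        if target == Target.DISABLED:
            gaps.append((cat, "disabled: no events recorded"))
        elif not target & Target.AUDIT_STORE:
            gaps.append((cat, "Application log only: not available in the audit store"))
    return gaps


# Constructed sample settings; the category names are hypothetical.
CATEGORIES = ["Logon", "PrivilegeElevation", "AuditManager"]
GLOBAL_TARGET = 3
OVERRIDES = {"PrivilegeElevation": 2, "AuditManager": 0}

if __name__ == "__main__":
    for cat, reason in audit_gaps(effective_targets(GLOBAL_TARGET, OVERRIDES, CATEGORIES)):
        print(f"{cat}: {reason}")
```
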

To configure per-category audit trail targets using a local group policy from an XML template:

Note: These settings override the settings defined in the Set global audit trail targets group policy.

  1. Ensure that the Centrify Audit Trail Settings were updated with the most recent XML template.
  2. Open the Group Policy Object Editor to display Local Computer Policy, and select Computer Configuration > Centrify Audit Trail Settings.
  3. In Centrify Audit Trail Settings, separate folders for each audit trail category contain Send audit trail to Audit database and Send audit trail to log file group policies. Enable these group policies in each category that you want to configure to use a specific audit trail target. The target that you specify for each category is used instead of the target specified in the Set global audit trail targets group policy.