Previous Setup Power Configuration Manual Install Setup Firewall Port Exceptions Next

Setup Windows Audit

FineBuild can set up the Windows Audit processing to improve security monitoring for SQL Server.

Security Compliance

Setup Windows Audit configuration helps to log use of sensitive facilities and securely log any violations. If you setup Security Compliance then Setup Windows Audit configuration will always be implemented.

FineBuild Power Configuration Processing

Automated configuration of Windows Audit relates to Process Id 1CE in the FineBuild1Preparation script, and is controlled by the parameter below:

Parameter Build SQL2005 SQL2008 SQL2008 R2 SQL2012 SQL2014 SQL2016 SQL2017
SetupWinAudit FULL Yes Yes Yes Yes Yes Yes Yes
SetupWinAudit WORKSTATION No No No No No No No
SetupWinAudit CLIENT Yes Yes Yes Yes Yes Yes Yes

Setup of Windows Audit is not performed automatically for Workstation Build as this type of installation often has conflicting demands for audit requirements.

Manual Setup Windows Audit Processing

The following steps show what you would have to do to setup Windows Audit manually. FineBuild does all of this work for you automatically.

This processing should always be performed for a Server or Client Build, but may not be required for a Workstation build.

Windows Audit configuration can be performed either by using a GUI or by the command line. The examples below show both options.

GUI Configuration of Windows Audit

The example below shows how Windows Audit configuration be performed using a GUI
1) Select Settings -> Control Panel -> Administrative Tools -> Local Security Policy to open the Local Security Policy GUI

2) Navigate to Local Policy -> Audit Policy then set the values shown below:

Command Line configuration of Windows Audit

The example below shows how Windows Audit configuration be performed using the command line
1) Run the following commands:
AUDITPOL /set /Category:"Account Logon"      /success:enable  /failure:enable
AUDITPOL /set /Category:"Account Management" /success:enable  /failure:enable 
AUDITPOL /set /Category:"DS Access"          /success:enable  /failure:enable
AUDITPOL /set /Category:"Logon/Logoff"       /success:enable  /failure:enable
AUDITPOL /set /Category:"Object Access"      /success:enable  /failure:enable 
AUDITPOL /set /Category:"Policy Change"      /success:enable
AUDITPOL /set /Category:"Privilege Use"      /success:enable  /failure:enable 
AUDITPOL /set /Category:"Detailed Tracking"  /success:disable /failure:disable 
AUDITPOL /set /Category:"System"             /success:enable

Copyright FineBuild Team © 2017. License and Acknowledgements
Previous Setup Power Configuration Top Setup Firewall Port Exceptions Next

Last edited Mar 20 at 2:05 PM by EdVassie, version 4