Overview

The GFI LanGuard apart from providing information on the current audit policy settings on scanned machines, allows users to access and modify the audit policy settings of the target computers.

This article describes the required steps to enable security audit policies using GFI LanGuard.

Diagnosis

An important part of any security plan is the ability to monitor and audit events on your network. These event logs are frequently referenced to identify security holes or breaches. Identifying attempts and preventing them from becoming successful breaches of your system security is critical. In Windows, you can use Group Policies to set up an audit policy that can track user activities or system events in specific logs.

To keep track of your system auditing policy, GFI LanGuard collects the security audit policy settings from target computers and includes them in the scan result. To access more information on the result click on Security Audit Policy sub-node.

Apart from gaining knowledge on the current audit policy settings, you can also use GFI LanGuard to access and modify the audit policy settings of your target computers. To achieve this, follow the steps below.

Solution

1. After scanning a remote computer, from the Scan Results Overview panel, right-click on the respective target computer and select Enable auditing on > This computer/Selected computers/All computers.
   
2. Select/unselect auditing policies accordingly, and click Next to deploy the audit policy configuration settings, on the target computer(s).
3. At this stage, a dialog will show whether the deployment of audit policy settings was successful or not. To proceed to the next stage click Next. Click Back to redeploy settings on failed computers.
   
4. Click Finish to finalize the configuration. Restart a scan to update results.