Posted by Awinish on June 15, 2011
Below are the references and event IDs associated with Windows Vista, 7, 2008 and 2008 R2.
Description of security events in Windows Vista and in Windows Server 2008
Security audit events for Microsoft Windows Server 2008 and Microsoft Windows Vista
Description of security events in Windows 7 and in Windows Server 2008 R2
Security Audit Events for Windows 7 and Windows Server 2008 R2
Advanced Security Auditing in Windows 7 and Windows Server 2008 R2
Jorge has documented the best material on auditing; you must take a look at his site.
Posted in OS/Certificates | Tagged: Auditing, EventLog, W2K8/2K8 R2
Posted by Awinish on November 11, 2010
I had a situation once where I was asked to back up the event log on a few servers and clear it from the servers to save space as well as retain the logs for audit. While beating my head on the wall, I stumbled onto a few sites and found scripts which actually worked for me to achieve my requirements. I have not written the VB script listed below, nor do I confer any rights on it; use it at your own risk.
You can use an ADM file to configure the settings using Group Policy.
Posted in Scripts/Powershell | Tagged: EventLog, Scripts/Powershell