Using Windows 8 Advanced Security Auditing Options to Monitor Dynamic Access Control Objects

Applies To: Windows 8, Windows Server 2012

This operations guide demonstrates the process of setting up advanced security auditing capabilities made possible through new settings and events available in Windows 8 and Windows Server 2012. These procedures can be deployed with the advanced security auditing capabilities described in the following documents:

In Windows Server 2012, domain administrators will be able to create and deploy expression-based security audit policies using file classification information (resource attributes), user claims, and device claims to target specific users and resources for monitoring of potentially significant activities on one or more computers. These policies can be deployed centrally by using Group Policy, or directly on a computer, in a folder, or in individual files.

The procedures in this document describe how to:


The last procedure in this list, Monitor the Use of Removable Storage Devices, can be configured on any computer running Windows Server 2012 or Windows 8. The other procedures can only be deployed as part of a functioning Dynamic Access Control deployment. If you have not yet deployed Dynamic Access Control in your network, see Deploy a Central Access Policy (Demonstration Steps)

See Also

Security Auditing Overview

What's New in Security Auditing