DHCP: Audit logging should be enabled

Applies To: Windows Server 2008 R2, Windows Server 2012

This topic is intended to address a specific issue identified by a Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the Dynamic Host Configuration Protocol Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, see Best Practices Analyzer (http://go.microsoft.com/fwlink/?LinkId=122786).

Operating System

Windows Server 2008 R2, Windows Server 2012


Dynamic Host Configuration Protocol (DHCP)






Audit logging is turned off on the DHCP server.


The audit log will not record DHCP server activity.


Enable audit logging with the DHCP MMC.

You should enable audit logging for every DHCP server on your network. Audit logging tracks the history of client requests including the associated IP addresses and DNS registrations, providing information that can aid in troubleshooting. It also records administrative configuration changes made to the server, providing a history for future reference.

Membership in the Administrators or DHCP Administrators group is the minimum required to complete this procedure.

To enable audit logging

  1. Click Start, point to Administrative Tools and then click DHCP.

  2. In the console tree, expand the applicable DHCP server, expand IPv4 or IPv6, right click Properties and then check Enable DHCP audit logging.

Additional references

For updated detailed IT pro information about DHCP and selectively enabling or disabling DHCP server bindings, see the Windows Server 2008 R2 documentation on the Microsoft TechNet Web site.