CompTIA A+ Certification All-In-One Exam Guide, Seventh Edition - Michael Meyers [462]
The concepts behind compliance in IT are not, as some might imagine at first blush, to stop you from being able to work effectively. Rather, they’re designed to stop users with not quite enough technical skill or knowledge from installing malicious programs or applications that will destabilize their systems. This keeps technical support calls down and enables techs to focus on more serious problems.
Reporting
As a final weapon in your security arsenal, you need to report any security issues so a network administrator or technician can take steps to make them go away. You can set up two tools within Windows so that the OS reports problems to you: Event Viewer and Auditing. You can then do your work and report those problems. Let’s take a look.
Event Viewer
Event Viewer is Windows’ default tattletale program, spilling the beans about many things that happen on the system. You can find Event Viewer in Administrative Tools in the Control Panel. By default, Event Viewer has three sections: Application, Security, and System. If you’ve downloaded Internet Explorer 7, you’ll see a fourth option for the browser, Internet Explorer (Figure 26-9). As you’ll recall from Chapter 17, “Maintaining and Troubleshooting Windows,” the most common use for Event Viewer is to view application or system errors for troubleshooting (Figure 26-10).
One very cool feature of Event Viewer is that you can click the link to take you to the online Help and Support Center at Microsoft.com, and the software reports your error (Figure 26-11), checks the online database, and comes back with a more or less useful explanation (Figure 26-12).
Auditing
The Security section of Event Viewer doesn’t show you anything by default. To unlock the full potential of Event Viewer, you need to set up auditing. Auditing in the security sense means to tell Windows to create an entry in the Security Log when certain events happen, for example, a user logs on—called event auditing—or tries to access a certain file or folder—called object access auditing. Figure 26-13 shows Event Viewer tracking logon and logoff events.
Figure 26-9 Event Viewer
Figure 26-10 Typical application error message
Figure 26-11 Details about to be sent
Figure 26-12 Help and Support Center being helpful
The CompTIA A+ certification exams don’t test you on creating a brilliant auditing policy for your office—that’s what network administrators do. You simply need to know what auditing does and how to turn it on or off so you can provide support for the network administrators in the field. To turn on auditing at a local level, go to Local Security Settings in Administrative Tools. Select Local Policies and then click Audit Policies. Double-click one of the policy options and select one or both of the checkboxes. Figure 26-14 shows the Audit object access dialog box.
* * *
NOTE Event Viewer stores log files in %SystemRoot%\System32\Config.
Figure 26-13 Event Viewer displaying security alerts
Figure 26-14 Audit object access, with the Local Security Setting dialog box open in the background
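Added example (not from the book): a PowerShell equivalent of the Local Security Settings steps above, assuming Windows Vista or later, English audit category names, and an elevated prompt; C:\AuditDemo is a hypothetical folder. It also sets an audit entry (SACL) on the folder, because the Audit object access policy records nothing for an object that has none.

```powershell
# Added example; run from an elevated PowerShell prompt.
# Assumptions: Windows Vista or later, English category names,
# and C:\AuditDemo as a hypothetical folder used only for illustration.
$folder = 'C:\AuditDemo'

# 1. Show the current policy for the two kinds of auditing the text describes.
auditpol /get /category:"Logon/Logoff"
auditpol /get /category:"Object Access"

# 2. Turn auditing on (command-line counterpart of the Success/Failure
#    checkboxes in the Local Security Settings dialog).
auditpol /set /subcategory:"Logon" /success:enable /failure:enable
auditpol /set /subcategory:"Logoff" /success:enable
auditpol /set /subcategory:"File System" /success:enable /failure:enable

# 3. Object access auditing only fires for objects that carry an audit
#    entry (SACL). Audit failed read/write/delete attempts by Everyone
#    (well-known SID S-1-1-0) on the folder and everything beneath it.
New-Item -ItemType Directory -Path $folder -Force | Out-Null
$everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    $everyone,
    'ReadData, WriteData, Delete',
    'ContainerInherit, ObjectInherit',
    'None',
    'Failure')
$acl = Get-Acl -Path $folder -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $folder -AclObject $acl

# 4. Read back what the Security log recorded in the last 24 hours:
#    4624 logon, 4625 failed logon, 4634 logoff, 4663 object access attempt.
$filter = @{
    LogName   = 'Security'
    Id        = 4624, 4625, 4634, 4663
    StartTime = (Get-Date).AddDays(-1)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Group-Object -Property Id |
    Sort-Object -Property Count -Descending |
    Select-Object -Property Name, Count
```

The event IDs in step 4 are those used by Windows Vista and later; Windows XP logs the same activity under different IDs.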
Incidence Reporting
Once you’ve gathered data about a particular system or you’ve dealt with a computer or network problem, you need to complete the mission by telling your supervisor. This is called incidence reporting. Many companies have pre-made forms that you simply fill out and submit. Other places are less formal. Regardless, you need to do this!
Incidence reporting does a couple of things for you. First, it provides a record of work you’ve accomplished. Second, it provides a piece of information that, when combined with other information you might or might not know, reveals a pattern or bigger problem to someone higher up the chain. A seemingly innocuous security audit report, for example, might match other