Dear Experts,
I am having an issue with event logging.
Here is my problem statement.
I need to survey how many users use pen drives in my organization.
I have created a GPO for object access through Computer Configuration > Security Policy > Advanced Audit Policy Configuration > System Audit Policies - Local Group Policy > Object Access.
When pen drives are plugged into the PC, it generates an event ID 4656; likewise, I know pen drives were attempted on that PC.
But for central monitoring, and having >1000 PCs, I cannot go to each individual PC to check the security event log.
I have configured an event subscription collector and enabled all services needed. Events from Windows 7 PCs are successfully being forwarded to my collector.
So here are my issues:
1- I have to deploy WinRM 2.0 on every XP PC, as WinRM is not installed by default. I cannot find the .msi version of WinRM 2.0. I do not want to deploy the .exe version using installation scripts.
2- PCs running Windows 8.1 are not forwarding any events to the collector. All the services are up (winrm quickconfig).
3- The above 2 are alternate solutions. WHAT I ACTUALLY WANT TO DO IS THAT INSTEAD OF THE LOG (EVENT ID 4656) BEING GENERATED ON THE LOCAL PC, I WANT THE LOG TO BE GENERATED ON THE DOMAIN CONTROLLER (JUST LIKE LOGON, LOGOFF EVENT IDs).
4- A solution to issue no. 3 will be my no. 1 priority; alternatively, a solution to no. 2 and no. 1 is highly welcome.
Thanks.