Audit Access to Computer and Queue Objects
Applies To: Windows Server 2008
Use this procedure to audit access to computer and queue objects.
You can use this procedure to audit access to computer and queue objects. Use auditing to record which users attempt to access Message Queuing objects, the type of operation attempted, and whether that access succeeded or failed.
Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.
To audit access to computer and queue objects
Click Start, point to All Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
Highlight Active Directory Users and Computers, and on the View menu, click Users, Groups, and Computers as containers, and then click Advanced Features.
To audit access to a computer (an msmq object), in the console tree, right-click msmq.
Where?
- Active Directory Users and Computers/YourDomain/YourOrganizationalUnit (such as Computers or Domain Controllers)/*YourComputer/*msmq
Or, to audit access to a queue, right-click the applicable queue.
Where?
- Active Directory Users and Computers/YourDomain/YourOrganizationalUnit (such as Computers or Domain Controllers)/*YourComputer/*msmq/YourQueueFolder (Private Queues for a private queue)/YourQueue
Click Properties.
On the Security page, click Advanced.
On the Auditing page of the Advanced Security Settings dialog box, click Add.
In the Select Users, Computers, or Groups dialog box, click Object Types, select the Group and/or Users check box as appropriate, clear the remaining check boxes, and click OK. In Enter the object name to select, type the name of a group or user whose access you want to audit or the names of several such groups or users separated by semicolons and click OK. Or, click Advanced to search for groups or users, enter the applicable parameters, click Find Now, select the group or user, click OK, and then click OK again.
In the Auditing Entry dialog box, in Apply onto, select the applicable objects for which user access will be audited. Then, under Access, select the appropriate check boxes next to the applicable entries and click OK. Or, to clear all audit entries, click Clear All, and then click OK.
Additional considerations
This procedure cannot be used to audit access to a private queue on a remote computer.
In addition to auditing access to computer and queue objects, you must also establish an audit policy for the local computer.