Setting Up an Audit Policy - Page 3
Propagation is basically the process of applying the change to all the necessary places within the system or domain. By default, it occurs every eight hours. Of course, you can always tweak the system settings to force propagation to occur more often. However, this isn't always a good idea, because doing so can decrease a network's performance. A better method is to use a command to force propagation to occur on an as-needed basis. The command for instant propagation is
SECEDIT /REFRESHPOLICY MACHINE_POLICY
If you have trouble getting the command to work, you can also force propagation to occur by rebooting the system. (Of course, rebooting isn't usually an option if you're working with a server.)
Now that you know how to enable auditing on various types of events, it's time to learn how to fine-tune which events will be audited. For example, so far I've shown you how to audit when someone attempts to access a resource by enabling an audit on the Audit Object Access option. However, simply enabling this option won't do you any good unless you also define the objects you want to audit. I'll show you how to select these objects, and how to do some other types of fine-tuning, in Part 3 ( Auditing Specific Events ). Later in the series, I'll also show you how to get the most out of the audit logs you're creating. //
Brien M. Posey is an MCSE who works as a freelance writer. His past experience includes working as the director of information systems for a national chain of health care facilities and as a network engineer for the Department of Defense. Because of the extremely high volume of e-mail that Brien receives, it's impossible for him to respond to every message, although he does read them all.