What's new in security auditing in Windows 8
Table of contents:
- Get information on file access events
- Get information on user login events
- Audit removable storage devices
Security auditing is a very effective tool for maintaining security in a company. Among other things, it lets the company establish control over all its workers and verify whether anomalous behavior is occurring or whether existing standards are being complied with.
Windows 8 has introduced a series of changes that will undoubtedly help administrators increase security in their work environment. However, if your company does not already make use of this feature, we recommend that you consult the corresponding documentation on the Microsoft website.
Get information on file access events
In Windows 8, as long as the audit policies in effect are configured correctly, the operating system itself generates an audit event every time a user accesses a file.
These events contain information about the file that was accessed, and with the event log filtering tools this information can be used to identify the most relevant events.
Get information on user login events
Assuming the environment is set up as discussed above, with the correct audit policies, Windows 8 will generate a new event each time a user logs in, either locally or remotely.
This event contains all the information necessary to identify the user's activity, as well as its duration.
Audit removable storage devices
In previous versions of Windows, businesses could already limit or deny the use of removable storage devices through the removable storage access policy. The problem was that, if the devices were allowed, there was no way to track their use.
Now in Windows 8, if this policy setting is configured, a new audit event is generated each time a user attempts to access a removable storage device. The event shows all the actions that were carried out, such as reading, writing, deleting, etc.
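As an added example (not from the original article), the following PowerShell enables removable storage auditing and lists which users read, wrote or deleted files on removable devices. The event ID 4663, the "Removable Storage" subcategory name and the access-mask values are not given in the article; they are standard Windows values, and the script assumes an English display language and an elevated prompt.

```powershell
# Added example, not part of the original article. Run from an elevated prompt.
# Assumption (not stated in the article): removable storage access is logged as
# Security event 4663 under the "Removable Storage" audit subcategory.

# Enable the subcategory locally (in a domain this is normally set by Group Policy).
auditpol /set /subcategory:"Removable Storage" /success:enable /failure:enable

# Standard file access rights carried in the event's AccessMask field.
# A plain hashtable is used so that integer keys are looked up by key, not position.
$rights = @{
    0x1     = 'Read'
    0x2     = 'Write'
    0x4     = 'Append'
    0x10000 = 'Delete'
}

Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents 500 -ErrorAction SilentlyContinue |
    # 4663 is also used for ordinary file auditing; keep only removable storage.
    # The task name is localized, so this match assumes an English system.
    Where-Object { $_.TaskDisplayName -eq 'Removable Storage' } |
    ForEach-Object {
        # Read the event fields by name from the XML rather than by position.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }

        # AccessMask is a hex string such as "0x2"; decode it into action names.
        $mask = [Convert]::ToInt32($data['AccessMask'], 16)
        $ops  = foreach ($bit in ($rights.Keys | Sort-Object)) {
            if ($mask -band $bit) { $rights[$bit] }
        }

        [pscustomobject]@{
            Time    = $_.TimeCreated
            User    = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
            Process = $data['ProcessName']
            Object  = $data['ObjectName']
            Access  = ($ops -join ',')
        }
    } |
    Sort-Object Time |
    Format-Table -AutoSize
```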