Use this procedure when you want to enable auditing so that Windows Firewall events are written to the security log. This is useful for troubleshooting Windows Firewall problems or when you are configuring Windows Firewall for the first time and you want to monitor Windows Firewall behavior.
Administrative Credentials
Для выполнения данной процедуры необходимо входить в группу "Администраторы" на локальном компьютере или получить соответствующие полномочия путем делегирования. Если компьютер присоединен к домену, эту процедуру могут выполнять члены группы "Администраторы домена".
Special Considerations
No special considerations are required to perform this procedure.
To enable auditing of Windows Firewall events
This procedure can be performed using Group Policy.
Using Group Policy
To enable auditing of Windows Firewall events-
Open the Group Policy Object Editor snap-in to edit the Group Policy object (GPO) that is used to manage Group Policy settings in your organization.
-
Open Computer Configuration, open Windows Settings, open Security Settings, open Local Policies, and then click Audit Policy.
-
Double-click Audit process tracking, select the Success and Failure check boxes, and then click OK.
-
Double-click Audit policy change, select the Success and Failure check boxes, and then click OK.