SQL Server Auditing: A Learning Series Part Two

Continuing our series on Auditing from yesterday, I wanted to bring up a few additional points if you are planning on using the Windows Security log as the target for your auditing results.

  1. You must add the SQL Server service (the account that you are actually using to run SQL Server, go to the SQL Server Configuration manager and check out the Log On As column) to the Generate security audits policy.  Go to your Local Security Policy then under Security Settings select Local Policies the User Rights Assignment.  There you will find the policy so that you may add the account similar to what is shown Figure 1.
  2. Keep in mind if you are running in a clustered environment you need to do this on each node so that in a failover scenario the auditing continues to work as designed.
  3. Also in the Local Security Policy, you need to go to Local Policies then Audit Policy and select to audit success and failure for the Audit Object Access policy.

In addition, if you plan on using a file as a target instead of the windows logs you must keep the following in mind:

  1. The SQL Server service account must have the ability to read and write to the file.
  2. If you have a user account that is a member of the Audit Administrator role, they must also have the ability to read and write to the file.
  3. Finally, if you have users with the Audit Reader role, then they must have the ability to read the file.

Figure 1 – Generate Security Audits Policy

Enjoy and stay tuned as we continue this series!


About SQLGator

Microsoft Data Platform MVP, Florida Gator, Star Wars fanatic and is there anything else...oh yeah PS4! I am a geek and SQL Server Business Intelligence Consultant, there are other technologies greater than these? Not so fast my friend! I also love to travel to new and exotic places.

Posted on January 15, 2013, in Auditing, Security and tagged , . Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: