How to write SQL Server Audit Events to the Security Log
This topic describes how to write a SQL Server audit log in windows Security Log
To configure the audit object access setting in Windows using auditpol
1.Open a command prompt with administrative permissions.
A.On the Start menu, point to All Programs, point to Accessories, right-click Command Prompt, and then click Run as administrator.
B.If the User Account Control dialog box opens, click Continue.
Execute the following statement to enable auditing from SQL Server.
auditpol /set /subcategory:"application generated" /success:enable /failure:enable
Close the command prompt window.
To grant the generate security audits permission to an account using secpol
1.For any Windows operating system, on the Start menu, click Run.
2.Type secpol.msc and then click OK. If the User Access Control dialog box appears, click Continue.
3.In the Local Security Policy tool, expand Security Settings, expand Local Policies, and then click User Rights Assignment.
4.In the results pane, double-click Generate security audits.
5.On the Local Security Setting tab, click Add User or Group.
6.In the Select Users, Computers, or Groups dialog box, either type the name of the user account, such as domain1\user1 and then click OK, or click Advanced and search for the account.
7.Click OK.
8.Close the Security Policy tool.
9.Restart SQL Server to enable this setting.
To configure the audit object access setting in Windows using secpol
If the operating system is earlier than Windows Vista or Windows Server 2008, on the Start menu, click Run.
1.Type secpol.msc and then click OK. If the User Access Control dialog box appears, click Continue.
2.In the Local Security Policy tool, expand Security Settings, expand Local Policies, and then click Audit Policy.
3.In the results pane, double-click Audit object access.
4.On the Local Security Setting tab, in the Audit these attempts area, select both Success and Failure.
5.Click OK.
6.Close the Security Policy tool.
Question :-
Ans :