RE: Capture Logins
From: Sandeep KT [MSFT] (v-sandkt_at_online.microsoft.com)
Date: 12/10/04
- Next message: Sandeep KT [MSFT]: "RE: Capture Logins"
- Previous message: Jason Rosolowski: "Slow Printing"
- In reply to: SMB: "Capture Logins"
- Next in thread: Sandeep KT [MSFT]: "RE: Capture Logins"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 10 Dec 2004 15:06:16 GMT
Could you please let me know if the following helps on the same
Auditing with Windows Server 2003 and XP is configured in several different
ways, all depending upon what needs to be audited, and where that object
resides. Generally, the first step is to enable the specific type of
auditing through the audit policy, which will usually begin the audit
process at that point. Auditing is generally turned on through a security
policy, which is another part of Group Policy. These security policies are
generally accessed through Administrative Tools.
Audit Account Logon Events: Tracks user logon and logoff events.
Audit Account Management: Reports changes to user accounts.
Audit Directory Service Access: Reports access and changes to the directory
service. If the system is a member server or XP system, directory service
is NTLM-based, and consists of user accounts and group policies.
Audit Logon Events: Reports success/failure of any local or remote
access-based logon.
Audit Object Access: Reports file and folder access. Must be implemented
here, and then the individual file/folder must be configured for auditing
within its properties in order to fully enable this feature.
Audit Policy Change: Reports changes to group policies.
Audit Privilege Use: Related to Audit Object Access: reports when
permissions are utilized such as read, or full control.
Audit Process Tracking: Reports process and program failures. Not security
related.
Audit System Events: Reports standard system events. Not security related.
If it becomes necessary to audit file or folder access, the audit policy
must be changed, and then the file or folder must be flagged for auditing.
>From that point, items will appear in the Event Viewer. How the file or
folder is accessed is also subject to auditing, and must be decided once
auditing of the object is enabled. Every type of permission listed earlier
in this chapter is available as a type of access, with each type of access
capable of being audited if successful or failed.
==============
Microsoft provides third-party contact information to help you find
technical support. This contact information may change without notice.
Microsoft does not guarantee the accuracy of this third-party contact
information. The third-party products that this article discusses are
manufactured by companies that are independent of Microsoft. Microsoft
makes no warranty, implied or otherwise, regarding the performance or
reliability of these products.
============================================================================
===
Sandeep KT
This posting is provided “AS IS” with no warranties, and confers no rights.
============================================================================
===
- Next message: Sandeep KT [MSFT]: "RE: Capture Logins"
- Previous message: Jason Rosolowski: "Slow Printing"
- In reply to: SMB: "Capture Logins"
- Next in thread: Sandeep KT [MSFT]: "RE: Capture Logins"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
