audit logs on windows 2003

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Daniele Pasian (daniele_at_nospanplease.com)
Date: 02/03/05

• Next message: Boris Zakharin: "Re: Overlapped file locking doesn't work across network using NT4 as Client?"
• Previous message: Allen Firouz: "RE: RIS and no boot filename"
• Messages sorted by: [ date ] [ thread ]

---

Date: Thu, 3 Feb 2005 18:42:44 +0100

Hi i'm an OLD win 2k admin....

Now on windows 2003 server i've to much audit logs....

On old win2k if i disable audit by GPO it will work...

Now i use GPMG and here the results

Policy Setting Winning GPO
Audit account logon events No auditing Default Domain Controllers
Policy
Audit account management No auditing Default Domain Controllers
Policy
Audit directory service access No auditing Default Domain Controllers
Policy
Audit logon events No auditing Default Domain Controllers
Policy
Audit object access No auditing Default Domain Controllers
Policy
Audit policy change No auditing Default Domain Controllers
Policy
Audit privilege use No auditing Default Domain Controllers
Policy
Audit process tracking No auditing Default Domain Controllers
Policy
Audit system events No auditing Default Domain Controllers
Policy

as you see the DC does not oudit anythig but i recive tons of this logs...

Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 538

Event Type: Success Audit
Event Source: Security
Event Category: Privilege Use
Event ID: 576
Date: 03/02/2005
Time: 18.29.46
User: NT AUTHORITY\SYSTEM
Computer: SERVER

Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 540

Could you help me please!!!!

Thank you

Dan

---

• Next message: Boris Zakharin: "Re: Overlapped file locking doesn't work across network using NT4 as Client?"
• Previous message: Allen Firouz: "RE: RIS and no boot filename"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages RE: syslog ... For the same kind of environment, I am using Computer Associates eTrust ... Audit integrated with Security command center for an easy event management ... and consolidation of logs + administration of all the Security ... (Security-Basics) Re: SBS "Newbie" question - viewing logins ... THANKS for the help - are these audits set in the security event log? ... first "success audit". ... (microsoft.public.windows.server.sbs) RE: Blue Team ROE ... These types of constraints are a way to create the illusion of due ... diligence in that they are having an outside company perform a security ... the audit by client constraints. ... Cenzic Hailstorm finds vulnerabilities fast. ... (Pen-Test) Re: How to determine who changed permissions on a directory? ... I used the "Security Monitoring and Attack Detection Planning Guide" from ... Audit Account Logon events - Success, Failure ... Audit Object Access - Success, ... (microsoft.public.security) Re: How to determine who changed permissions on a directory? ... I used the "Security Monitoring and Attack Detection Planning Guide" from ... Audit Account Logon events - Success, Failure ... Audit Object Access - Success, ... (microsoft.public.security)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.general  > 2005-02