RE: Repost: Security Question
From: Charles Yang [MSFT] (v-chayan_at_online.microsoft.com)
Date: 01/20/05
- Next message: Austin: "Client setup wizard woes on Wireless LAN"
- Previous message: Jeff Meager: "RE: Companyweb, rename user, not updating"
- In reply to: Marcia: "Repost: Security Question"
- Next in thread: Marcia: "Re: Repost: Security Question"
- Reply: Marcia: "Re: Repost: Security Question"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 20 Jan 2005 12:20:50 GMT
Hi Marcia,
Thank you for posting here.
>From the description, I understand that you met a question that in event
538 in security audit log. It is an expected behavior in SBS2003, $ mean it
is the computer name, In SBS 2003, the full security audit is enabled by
default so that you are able to monitor the server and network access
events if needed. It's normal that many logon/logoff events are logged
because one logon/logoff procedure can generate several events. The
logon/logoff procedures are always performed by service startup/shutdown,
shared file accessing, network accessing, users' logon/logoff etc. Event
540 indicates a successful logon; event 538 indicates a successful logoff
and event 576 indicates a successful special privilege assign. You may
safely ignore these events.
In addition, if you do want to stop these events, you can turn off Success
logon auditing, although it is not recommended. To do so:
1. Click Start, click Run, type "gpmc.msc" and click OK.
2. Expand Domains -> your domain -> Domain Controllers.
3. Right-click Small Business Server Auditing Policy and click Edit.
4. Expand Computer Configuration -> Windows Settings -> Security Settings
-> Local Policies -> Audit Policy.
5. In the right pane, double-click Audit logon events and clear the Success
check box. Click OK.
6. Run "gpupdate /force".
More information:
Securing Your Windows Small Business Server 2003 Network
http://www.microsoft.com/downloads/details.aspx?familyid=f62b2722-267c-4642-
b287-c31115ef10a4&displaylang=en
Account Passwords and Policies
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/
security/bpactlck.mspx
Threats and Countermeasures: Security Settings in Windows Server 2003 and
Windows XP
http://www.microsoft.com/downloads/details.aspx?FamilyId=1B6ACF93-147A-4481-
9346-F93A4081EEA8&displaylang=en
I hope the above information is useful to you, if you have any questions
please feel free and let me know.
Have a nice day!
Charles Yang
Online Partner Support
Partner Support Group
Microsoft Global Technical Support Center
Mailto: v-chayan@microsoft.com
Sincerely,
Charles Yang (MFST)
Microsoft Partner Online Support
Get Secure! - www.microsoft.com/security
====================================================
When responding to posts, please "Reply to Group" via your newsreader
so that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
- Next message: Austin: "Client setup wizard woes on Wireless LAN"
- Previous message: Jeff Meager: "RE: Companyweb, rename user, not updating"
- In reply to: Marcia: "Repost: Security Question"
- Next in thread: Marcia: "Re: Repost: Security Question"
- Reply: Marcia: "Re: Repost: Security Question"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
