[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-35498-5

Platform: win8.1Date: (C)2015-10-14   (M)2022-10-10



Audit Policy: Account Management: Security Group Management This subcategory reports each event of security group management, such as when a security group is created, changed, or deleted or when a member is added to or removed from a security group. If you enable this Audit policy setting, administrators can track events to detect malicious, accidental, and authorized creation of security group accounts. Events for this subcategory include: ? 4727: A security-enabled global group was created. ? 4728: A member was added to a security-enabled global group. ? 4729: A member was removed from a security-enabled global group. ? 4730: A security-enabled global group was deleted. ? 4731: A security-enabled local group was created. ? 4732: A member was added to a security-enabled local group. ? 4733: A member was removed from a security-enabled local group. ? 4734: A security-enabled local group was deleted. ? 4735: A security-enabled local group was changed. ? 4737: A security-enabled global group was changed. ? 4754: A security-enabled universal group was created. ? 4755: A security-enabled universal group was changed. ? 4756: A member was added to a security-enabled universal group. ? 4757: A member was removed from a security-enabled universal group. ? 4758: A security-enabled universal group was deleted. ? 4764: A group?s type was changed. Refer to the Microsoft Knowledgebase article ?Description of security events in Windows Vista and in Windows Server 2008? for the most recent information about this setting: http://support.microsoft.com/default.aspx/kb/947226.


Parameter:


Technical Mechanism:

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Account Management!Audit Policy: Account Management: Security Group Management (2) WMI: ###

CCSS Severity:CCSS Metrics:
CCSS Score : Attack Vector:
Exploit Score: Attack Complexity:
Impact Score: Privileges Required:
Severity: User Interaction:
Vector: Scope:
 Confidentiality:
 Integrity:
 Availability:
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:22508
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:22508
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:22508
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:22508


OVAL    1
oval:org.secpod.oval:def:22508

© SecPod Technologies