[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-36058-6

Platform: win2012r2Date: (C)2015-10-08   (M)2022-10-10



Audit directory service access This policy setting determines whether to audit user access to an Active Directory object that has its own specified system access control list (SACL). If you define the Audit directory service access setting, you can specify whether to audit successes, failures, or not audit the event type at all. Success audits generate an audit entry when a user successfully accesses an Active Directory object that has a specified SACL. Failure audits generate an audit entry when a user unsuccessfully attempts to access an Active Directory object that has a specified SACL. If you enable the Audit directory service access setting in the DCBP and configure SACLs on directory objects, a large volume of entries can be generated in the Security logs on domain controllers. You should only enable this setting if you actually intend to use the information that is created. The following includes important security events that the Audit directory service access setting records in the Security log: Event ID Event description ID Description 566 A generic object operation took place.


Parameter:


Technical Mechanism:

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy!Audit directory service access (2) WMI: root\rsop\computer#RSOP_AuditPolicy#Success, Failure#Category='AuditDSAccess' and precedence=1

CCSS Severity:CCSS Metrics:
CCSS Score : Attack Vector:
Exploit Score: Attack Complexity:
Impact Score: Privileges Required:
Severity: User Interaction:
Vector: Scope:
 Confidentiality:
 Integrity:
 Availability:
  

References:
Resource IdReference


XCCDF    1

© SecPod Technologies