[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

Audit: Shut down system immediately if unable to log security audits

ID: oval:org.secpod.oval:def:14756Date: (C)2013-08-13   (M)2017-10-21
Class: COMPLIANCEFamily: windows




This security setting determines whether the system shuts down if it is unable to log security events. If this security setting is enabled, it causes the system to stop if a security audit cannot be logged for any reason. Typically, an event fails to be logged when the security audit log is full and the retention method that is specified for the security log is either Do Not Overwrite Events or Overwrite Events by Days. If the security log is full and an existing entry cannot be overwritten, and this security option is enabled, the following Stop error appears: STOP: C0000244 {Audit Failed} An attempt to generate a security audit failed. To recover, an administrator must log on, archive the log (optional), clear the log, and reset this option as desired. Until this security setting is reset, no users, other than a member of the Administrators group will be able to log on to the system, even if the security log is not full. Note: On Windows versions prior to Windows Vista configuring this security setting, changes will not take effect until you restart Windows. Default: Disabled. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Audit: Shut down system immediately if unable to log security audits (2) REG: HKEY_LOCAL_MACHINE\System\Currentcontrolset\Control\Lsa!CrashOnAuditFail

Platform:
Microsoft Windows 7
Reference:
CCE-9463-1
CPE    1
cpe:/o:microsoft:windows_7
CCE    1
CCE-9463-1
XCCDF    3
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_7
xccdf_org.secpod_benchmark_general_Windows_7
xccdf_org.secpod_benchmark_PCI_3_2_Windows_7

© 2013 SecPod Technologies