[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Audit Policy: Logon-Logoff: Special Logon

ID: oval:org.secpod.oval:def:19051Date: (C)2014-05-29   (M)2021-06-02
Class: COMPLIANCEFamily: windows




Auditing of Logon-Logoff: Special Logon events on failure should be enabled or disabled as appropriate. Audit Special Logon, which determines whether the operating system generates audit events under special sign on (or log on) circumstances. This security policy setting determines whether the operating system generates audit events when: * A special logon is used. A special logon is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level. * A member of a special group logs on. Special Groups is a Windows feature that enables the administrator to find out when a member of a certain group has logged on. The administrator can set a list of group security identifiers (SIDs) in the registry. If any of these SIDs is added to a token during logon and this auditing subcategory is enabled, a security event is logged. For more information about this feature, see article 947223 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkID=120183). Users holding special privileges can potentially make changes to the system. We recommend that you track their activity. Fix: (1) GPO: Commandline: auditpol.exe (2) REG: NO INFO

Platform:
Microsoft Windows Server 2008 R2
Reference:
CCE-11078-3
CPE    1
cpe:/o:microsoft:windows_server_2008:r2
CCE    1
CCE-11078-3

© SecPod Technologies