[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Audit Policy: Logon-Logoff: Other Logon/Logoff Events (Failure)

ID: oval:org.secpod.oval:def:19115Date: (C)2014-05-29   (M)2021-06-02
Class: COMPLIANCEFamily: windows




Auditing of Logon-Logoff: Other Logon/Logoff Events events on failure should be enabled or disabled as appropriate. Audit Other Logon/Logoff Events, which determines whether Windows generates audit events for other logon or logoff events. These other logon or logoff events include: * A Remote Desktop session connects or disconnects. * A workstation is locked or unlocked. * A screen saver is invoked or dismissed. * A replay attack is detected. This event indicates that a Kerberos request was received twice with identical information. This condition could also be caused by network misconfiguration. * A user is granted access to a wireless network. It can either be a user account or the computer account. * A user is granted access to a wired 802.1x network. It can either be a user account or the computer account. Logon events are essential to understanding user activity and detecting potential attacks. Fix: (1) GPO: Commandline: auditpol.exe (2) REG: NO INFO

Platform:
Microsoft Windows Server 2008 R2
Reference:
CCE-11179-9
CPE    1
cpe:/o:microsoft:windows_server_2008:r2
CCE    1
CCE-11179-9

© SecPod Technologies