[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Audit: Shut down system immediately if unable to log security audits

ID: oval:org.secpod.oval:def:22495Date: (C)2015-01-07   (M)2023-07-14
Class: COMPLIANCEFamily: windows




This security setting determines whether the system shuts down if it is unable to log security events. If this security setting is enabled, it causes the system to stop if a security audit cannot be logged for any reason. Typically, an event fails to be logged when the security audit log is full and the retention method that is specified for the security log is either Do Not Overwrite Events or Overwrite Events by Days. If the security log is full and an existing entry cannot be overwritten, and this security option is enabled, the following Stop error appears: STOP: C0000244 {Audit Failed} An attempt to generate a security audit failed. To recover, an administrator must log on, archive the log (optional), clear the log, and reset this option as desired. Until this security setting is reset, no users, other than a member of the Administrators group will be able to log on to the system, even if the security log is not full. Note: On Windows versions prior to Windows Vista configuring this security setting, changes will not take effect until you restart Windows. Default: Disabled. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options!Audit: Shut down system immediately if unable to log security audits (2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa!crashonauditfail

Platform:
Microsoft Windows 8.1
Reference:
CCE-33046-4
CPE    1
cpe:/o:microsoft:windows_8.1
CCE    1
CCE-33046-4
XCCDF    7
xccdf_org.secpod_benchmark_HIPAA_45CFR_164_Windows_8_1
xccdf_org.secpod_benchmark_ISO27001_Windows_8_1
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_8_1
xccdf_org.secpod_benchmark_PCI_3_2_Windows_8_1
...

© SecPod Technologies