[Forgot Password]
Login  Register Subscribe

23631

 
 

122183

 
 

98060

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

Manage auditing and security log

ID: oval:org.secpod.oval:def:36548Date: (C)2016-08-05   (M)2017-11-21
Class: COMPLIANCEFamily: windows




This security setting determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. This security setting does not allow a user to enable file and object access auditing in general. For such auditing to be enabled, the Audit object access setting in Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policies must be configured. You can view audited events in the security log of the Event Viewer. A user with this privilege can also view and clear the security log. Default: Administrators. Counter Measure: Ensure that only the local Administrators group has the Manage auditing and security log user right. Potential Impact: None. This is the default configuration. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Manage auditing and security log (2) REG: ### (3) WMI: root\rsop\computer#RSOP_UserPrivilegeRight#AccountList#UserRight='SeSecurityPrivilege' and precedence=1

Platform:
Microsoft Windows 10
Reference:
CCE-41974-7
CCE    1
CCE-41974-7
XCCDF    4
xccdf_org.secpod_benchmark_general_Windows_10
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_10
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_10
xccdf_org.secpod_benchmark_PCI_3_2_Windows_10
...

© 2013 SecPod Technologies