[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 30475 Download | Alert*

Accounts: Rename administrator account The built-in local administrator account is a well-known account name that attackers will target. Microsoft recommends to choose another name for this account, and to avoid names that denote administrative or elevated access accounts. Be sure to also change the default description for the local administrator (through the Computer Management console). Note ...

Audit logon events The prescribed GPOs from Microsoft include settings that configure the audit categories present in previous versions of Windows. If you use the script and the GPOs included with this security guidance, these settings will not apply to computers running Windows Vista. The GPOs intended for use in enterprise environments have been designed to work with Windows XP based computers. ...

Audit Policy: Account Logon: Other Account Logon Events This subcategory reports the events that occur in response to credentials submitted for a user account logon request that do not relate to credential validation or Kerberos tickets. These events occur on the computer that is authoritative for the credentials. For domain accounts, the domain controller is authoritative, whereas for local acco ...

Audit Policy: Detailed Tracking: DPAPI Activity This subcategory reports encrypt or decrypt calls into the data protections application interface (DPAPI). DPAPI is used to protect secret information such as stored password and key information. Events for this subcategory include: ? 4692: Backup of data protection master key was attempted. ? 4693: Recovery of data protection master key was attemp ...

Domain Profile: Allow Remote Desktop exception (SP2 only)

Audit Policy: Detailed Tracking: Process Creation This subcategory reports the creation of a process and the name of the program or user that created it. Events for this subcategory include: ? 4688: A new process has been created. ? 4696: A primary token was assigned to process. Refer to the Microsoft Knowledgebase article ?Description of security events in Windows Vista and in Windows Server 200 ...

Audit Policy: DS Access: Directory Service Access This subcategory reports when an AD DS object is accessed. Only objects with SACLs cause audit events to be generated, and only when they are accessed in a manner that matches their SACL. These events are similar to the directory service access events in previous versions of Windows Server. This subcategory applies only to domain controllers. Even ...

Audit Policy: Policy Change: Authorization Policy Change This subcategory reports changes in authorization policy including permissions (DACL) changes. Events for this subcategory include: ? 4704: A user right was assigned. ? 4705: A user right was removed. ? 4706: A new trust was created to a domain. ? 4707: A trust to a domain was removed. ? 4714: Encrypted data recovery policy was changed. R ...

Audit Policy: System: Security State Change This subcategory reports changes in security state of the system, such as when the security subsystem starts and stops. Events for this subcategory include: ? 4608: Windows is starting up. ? 4609: Windows is shutting down. ? 4616: The system time was changed. ? 4621: Administrator recovered system from CrashOnAuditFail. Users who are not administrato ...

Audit system events This policy setting is very important because it allows you to monitor system events that succeed and fail, and provides a record of these events that may help determine instances of unauthorized system access. System events include starting or shutting down computers in your environment, full event logs, or other security-related events that affect the entire system.


Pages:      Start    2313    2314    2315    2316    2317    2318    2319    2320    2321    2322    2323    2324    2325    2326    ..   3047

© SecPod Technologies