Audit logon events
The prescribed GPOs from Microsoft include settings that configure the audit categories present in previous versions of Windows. If you use the script and the GPOs included with this security guidance, these settings will not apply to computers running Windows Vista.
The GPOs intended for use in enterprise environments have been designed to work with Windows XP-based computers. ...
Audit Policy: Account Logon: Other Account Logon Events
This subcategory reports the events that occur in response to credentials submitted for a user account logon request that do not relate to credential validation or Kerberos tickets. These events occur on the computer that is authoritative for the credentials. For domain accounts, the domain controller is authoritative, whereas for local acco ...
Audit Policy: Detailed Tracking: DPAPI Activity
This subcategory reports encrypt or decrypt calls into the data protection application programming interface (DPAPI). DPAPI is used to protect secret information such as stored password and key information. Events for this subcategory include:
• 4692: Backup of data protection master key was attempted.
• 4693: Recovery of data protection master key was attemp ...
Audit Policy: Detailed Tracking: Process Creation
This subcategory reports the creation of a process and the name of the program or user that created it. Events for this subcategory include:
• 4688: A new process has been created.
• 4696: A primary token was assigned to process.
Refer to the Microsoft Knowledgebase article "Description of security events in Windows Vista and in Windows Server 200 ...
Audit Policy: DS Access: Directory Service Access
This subcategory reports when an AD DS object is accessed. Only objects with SACLs cause audit events to be generated, and only when they are accessed in a manner that matches their SACL. These events are similar to the directory service access events in previous versions of Windows Server. This subcategory applies only to domain controllers. Even ...
Audit Policy: Policy Change: Authorization Policy Change
This subcategory reports changes in authorization policy including permissions (DACL) changes. Events for this subcategory include:
• 4704: A user right was assigned.
• 4705: A user right was removed.
• 4706: A new trust was created to a domain.
• 4707: A trust to a domain was removed.
• 4714: Encrypted data recovery policy was changed.
Audit Policy: System: Security State Change
This subcategory reports changes in security state of the system, such as when the security subsystem starts and stops. Events for this subcategory include:
• 4608: Windows is starting up.
• 4609: Windows is shutting down.
• 4616: The system time was changed.
• 4621: Administrator recovered system from CrashOnAuditFail. Users who are not administrato ...
Audit system events
This policy setting is very important because it allows you to monitor system events that succeed and fail, and provides a record of these events that may help determine instances of unauthorized system access. System events include starting or shutting down computers in your environment, full event logs, or other security-related events that affect the entire system.
Audit: Audit the use of Backup and Restore privilege
This policy setting determines whether to audit the use of all user privileges, including Backup and Restore, when the Audit privilege use setting is in effect. If you enable both policies, an audit event will be generated for every file that is backed up or restored.
If the Audit: Audit the use of Backup and Restore privilege setting is enable ...
Audit: Shut down system immediately if unable to log security audits
This policy setting determines whether the system shuts down if it is unable to log Security events. It is a requirement for Trusted Computer System Evaluation Criteria (TCSEC)-C2 and Common Criteria certification to prevent auditable events from occurring if the audit system is unable to log them. Microsoft has chosen to meet t ...
© 2013 SecPod Technologies