Security Basics mailing list archives
Audit account (Windows 2000 AD)
From: Peter Rodger <prodger2008 () yahoo com>
Date: Tue, 28 Feb 2006 14:11:04 -0800 (PST)
Hi all, We need to audit disabled account, expired account and password changes. I enabled auditing domain policy to audit account management success and failure events (also logon). But, nothing is logged on the event log as posted on the MS site. FMT_MTD.1(c) CAPP 5.4.5 All modifications to the values of TSF data (user security attributes - including the new value of the TSF data) Category: Policy change 608 User right assigned. 609 User right removed. Category: Account management 624 User account created. 625 User account type changed. 626 User account enabled. 629 User account disabled. 630 User account deleted. I just doisabled two accounts and enabled them. No event 629 & 626 logged in the security log. Is something I missed? Thanks for your help as it's urgent. Peter __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Audit account (Windows 2000 AD) Peter Rodger (Mar 01)
- <Possible follow-ups>
- Re: Audit account (Windows 2000 AD) Peter Rodger (Mar 02)
- Re: Audit account (Windows 2000 AD) jim_lynch (Mar 02)