Security Basics mailing list archives
RE: sec event log question (change to Encrypted Data Recovery Pol icy)
From: "Portman, Timm" <TPortman () parts-unltd com>
Date: Thu, 17 Oct 2002 12:55:37 -0500
except it doesn't re-occurr with each reboot, and I've not seen it on other servers. I'm wondering if it is a security concern or something normal and ignorable like a MS critical update patch making a system change. -----Original Message----- From: Odhner, Christian [mailto:Christian.Odhner () netapp com] Sent: 17 October 2002 12:34 To: 'Portman, Timm'; 'security-basics () securityfocus com' Subject: RE: sec event log question (change to Encrypted Data Recovery Pol icy)
PolEfDat: <binary data> (<binary data>);
If I had to guess (and I do, because I have no actual knowledge or experience with this) I would say that PolEfDat means "Policy Effective Date", ie the date and time that the policy most recently started being enforced. This would make sense because it's changing each time you reboot the system. -Chris --Original Sec-event log message: Event Type: Success Audit Event Source: Security Event Category: Policy Change Event ID: 618 Date: 2002/10/15 Time: 08:50:19 User: NT AUTHORITY\SYSTEM Computer: <...SNIP...> Description: Encrypted Data Recovery Policy Changed: Changed By: User Name: <...SNIP...>$ Domain Name: <...SNIP...> Logon ID: (0x0,0x3E7) Changes made: ('--' means no changes, otherwise each change is shown as: <ParameterName>: <new value> (<old value>)) PolEfDat: <binary data> (<binary data>);
Current thread:
- RE: sec event log question (change to Encrypted Data Recovery Pol icy) Portman, Timm (Oct 17)