Re: Audit account (Windows 2000 AD)

[Peter Rodger <prodger2008 () yahoo com>]

Yes.  

audit directory service access (failure)
audit policy change (sucess, failure)
audit account management (success, failure)
audit account logon events (sucess, failure)
audit logon events (sucess, failure)
on domain controllers

Any idea?

Thank you,

Peter

      

--- jfvanmeter () comcast net wrote:

> do you have the audit directory services access and
> policy change audit settings configured? There under
> Computer config | Windows Settings | Local Policy |
> Auditing if your doing this from in a GPO there in 
> -------------- Original message -------------- 
> From: Peter Rodger <prodger2008 () yahoo com> 
>
> > Hi all, 
> >
> > We need to audit disabled account, expired account
> and 
> > password changes. I enabled auditing domain policy
> to 
> > audit account management success and failure
> events 
> > (also logon). But, nothing is logged on the event
> log 
> > as posted on the MS site. 
> >
> > FMT_MTD.1(c) 
> >
> > CAPP ?5.4.5 
> > All modifications to the values of TSF data (user 
> > security attributes - including the new value of
> the 
> > TSF data) 
> > Category: Policy change 
> >
> > 608 ?User right assigned. 
> >
> > 609 ?User right removed. 
> >
> > Category: Account management 
> >
> > 624 ?User account created. 
> >
> > 625 ?User account type changed. 
> >
> > 626 ?User account enabled. 
> >
> > 629 ?User account disabled. 
> >
> > 630 ?User account deleted. 
> >
> > I just doisabled two accounts and enabled them. No
>
> > event 629 & 626 logged in the security log. 
> >
> > Is something I missed? 
> >
> > Thanks for your help as it's urgent. 
> >
> > Peter 
> >
> >
> > __________________________________________________
>
> > Do You Yahoo!? 
> > Tired of spam? Yahoo! Mail has the best spam
> protection around 
> > http://mail.yahoo.com 
---------------------------------------------------------------------------
> > EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE
> - ONLINE 
> > The Norwich University program offers unparalleled
> Infosec management 
> > education and the case study affords you unmatched
> consulting experience. 
> > Tailor your education to your own professional
> goals with degree 
> > customizations including Emergency Management,
> Business Continuity Planning, 
> > Computer Emergency Response Teams, and Digital
> Investigations. 
> > http://www.msia.norwich.edu/secfocus 
---------------------------------------------------------------------------
> >


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------