Security Basics mailing list archives
Re: Audit account (Windows 2000 AD)
From: Peter Rodger <prodger2008 () yahoo com>
Date: Thu, 2 Mar 2006 09:19:54 -0800 (PST)
Yes. audit directory service access (failure) audit policy change (sucess, failure) audit account management (success, failure) audit account logon events (sucess, failure) audit logon events (sucess, failure) on domain controllers Any idea? Thank you, Peter --- jfvanmeter () comcast net wrote:
do you have the audit directory services access and policy change audit settings configured? There under Computer config | Windows Settings | Local Policy | Auditing if your doing this from in a GPO there in -------------- Original message -------------- From: Peter Rodger <prodger2008 () yahoo com>Hi all, We need to audit disabled account, expired accountandpassword changes. I enabled auditing domain policytoaudit account management success and failureevents(also logon). But, nothing is logged on the eventlogas posted on the MS site. FMT_MTD.1(c) CAPP ?5.4.5 All modifications to the values of TSF data (user security attributes - including the new value oftheTSF data) Category: Policy change 608 ?User right assigned. 609 ?User right removed. Category: Account management 624 ?User account created. 625 ?User account type changed. 626 ?User account enabled. 629 ?User account disabled. 630 ?User account deleted. I just doisabled two accounts and enabled them. Noevent 629 & 626 logged in the security log. Is something I missed? Thanks for your help as it's urgent. Peter __________________________________________________Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spamprotection aroundhttp://mail.yahoo.com
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE- ONLINEThe Norwich University program offers unparalleledInfosec managementeducation and the case study affords you unmatchedconsulting experience.Tailor your education to your own professionalgoals with degreecustomizations including Emergency Management,Business Continuity Planning,Computer Emergency Response Teams, and DigitalInvestigations.http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Audit account (Windows 2000 AD) Peter Rodger (Mar 01)
- <Possible follow-ups>
- Re: Audit account (Windows 2000 AD) Peter Rodger (Mar 02)
- Re: Audit account (Windows 2000 AD) jim_lynch (Mar 02)