Full Disclosure mailing list archives
Re: Windows 2000 Logout events are not monitored!
From: Darren Bennett <DARREN.L.BENNETT () saic com>
Date: Tue, 11 Nov 2003 08:36:56 -0800
Bill,

In Windows 2k pro it is event 538. Are you talking about win 2k server only? In either case, logout events in win2k pro are broken. If anyone has a fix, I'd be happy to hear about it.

-Darren

On Mon, 2003-11-10 at 16:44, Bill Royds wrote:
The logout event is event number 540 in security log. All the Win2K I manage have these entries for every logout. Check your security policy to ensure that you are recording them. They are in Local Security Policy MMS under Local Policies/Audit Events/{Audit account logon events,Audit logon events}. You want both success and failure to capture a successful logoff.

----- Original Message -----
From: "Darren Bennett" <DARREN.L.BENNETT () saic com>
To: "Full Disclosure" <full-disclosure () lists netsys com>
Sent: Monday, November 10, 2003 12:42 PM
Subject: [Full-disclosure] Windows 2000 Logout events are not monitored!

: It's possible this has been on the list before but I'm going to check
: anyway. With windows 2000 (server is the platform I have tested), when
: auditing of login/logout events is enabled, only login events are
: recorded. This appears to be a bug with Windows. I have tried applying a
: patch from Microsoft that is supposed to fix this and the patch didn't
: work. Anyone else seen this behavior? Any suggestions on how I could
: record logout events without relying on MS?
:
: -Thanks,
:
: Darren
:
:
: -----------------------------------------------
: Darren Bennett - CISSP
: Sr. Systems Administrator/Manager
: Science Applications International Corporation
: Advanced Systems Development and Integration
: -----------------------------------------------
:
: _______________________________________________
: Full-Disclosure - We believe in it.
: Charter: http://lists.netsys.com/full-disclosure-charter.html
--
-----------------------------------------------
Darren Bennett - CISSP
Sr. Systems Administrator/Manager
Science Applications International Corporation
Advanced Systems Development and Integration
-----------------------------------------------