Terminal Services Auditing not working
From: Noah White (noah@baysystems.com)Date: 07/19/02
- Previous message: C.B.: "RE: local security policy"
- Next in thread: Bryan Ponnwitz: "Re: Terminal Services Auditing not working"
- Reply: Bryan Ponnwitz: "Re: Terminal Services Auditing not working"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 19 Jul 2002 10:01:58 -0400 From: Noah White <noah@baysystems.com> To: focus-ms@securityfocus.com, security-basics@securityfocus.com
Hello,
I'm running Win2K server SP2. Using the Local Security Policy tool I've
set the Audit Policy to audit the following (S - success; F - Failure):
Audit Account logon event - S/F
Audit logon events - S/F
Then using the Terminal Services Configuration tool I've right clicked
on the RDP-Tcp connection and selected Properties. From there selected
the Permissions tab and clicked on the Advanced button. From the next
screen I've click the Auditing tab and added Administrator. I've
selected Successful/Failed for all the Access options except Message and
Virtual channel and applied them.
I've rebooted the system and logged in through Terminal Services but the
security event log does not contain any Terminal Services specific event
IDs such as 682. I do see the normal system logon auditing events
generated by the local security policy auditing settings but that's it.
Does TS auditing even work? What am I missing?
TIA,
-Noah
- Previous message: C.B.: "RE: local security policy"
- Next in thread: Bryan Ponnwitz: "Re: Terminal Services Auditing not working"
- Reply: Bryan Ponnwitz: "Re: Terminal Services Auditing not working"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
