RE: Auditing a reboot
From: Brad Judy (judy@colorado.edu)
Date: 04/21/03
- Previous message: David Vincent: "RE: Does In-Place Upgrade of Microsoft Exchange Create Open Rela ys?"
- In reply to: Hillensbeck, Preston: "Auditing a reboot"
- Next in thread: Hillensbeck, Preston: "RE: Auditing a reboot"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Brad Judy" <judy@colorado.edu> To: "'Hillensbeck, Preston'" <PHillensbeck@sfbcic.com>, <focus-ms@securityfocus.com> Date: Mon, 21 Apr 2003 08:29:54 -0600
There are several items that are logged on startup, some of which may
also be logged at other times. Try the normal first item to be logged -
an event 6009 that states the basic OS version information. See this KB
article for more info -
http://support.microsoft.com/default.aspx?scid=kb;EN-US;196452
Note that this is an event that occurs on startup regardless of how the
machine was shut down. Other events may be logged as discussed in the
article above. If you want something more specific you may have to look
elsewhere.
Brad Judy
Information Technology Services
University of Colorado at Boulder
> -----Original Message-----
> From: Hillensbeck, Preston [mailto:PHillensbeck@sfbcic.com]
> Sent: Monday, April 21, 2003 7:14 AM
> To: 'focus-ms@securityfocus.com'
> Subject: Auditing a reboot
>
>
> How would you go about auditing when a machine is rebooted,
> domain wise? I have looked high and low for an answer, and I
> can't seem to find one. This is a Windows 2000 question, and
> I am running Active Directory. I have tried auditing system
> events, both successes and failures, but cannot get event
> viewer to spit out the right information. Thanks in advance.
>
>
>
> --------------------------------------------------------------
> ---------------
> Attend Black Hat Briefings & Training Europe, May 12-15 in
> Amsterdam, the
> world's premier event for IT and network security experts.
> The two-day
> Training features 6 hand-on courses on May 12-13 taught by
> professionals.
> The two-day Briefings on May 14-15 features 24 top speakers
> with no vendor
> sales pitches. Deadline for the best rates is April 25.
> Register today to
> ensure your place. http://www.securityfocus.com/BlackHat-focus-ms
> --------------------------------------------------------------
> ----------------
>
-----------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
world's premier event for IT and network security experts. The two-day
Training features 6 hand-on courses on May 12-13 taught by professionals.
The two-day Briefings on May 14-15 features 24 top speakers with no vendor
sales pitches. Deadline for the best rates is April 25. Register today to
ensure your place. http://www.securityfocus.com/BlackHat-focus-ms
------------------------------------------------------------------------------
- Previous message: David Vincent: "RE: Does In-Place Upgrade of Microsoft Exchange Create Open Rela ys?"
- In reply to: Hillensbeck, Preston: "Auditing a reboot"
- Next in thread: Hillensbeck, Preston: "RE: Auditing a reboot"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
