Audit account (Windows 2000 AD)

---

• From: Peter Rodger <prodger2008@xxxxxxxxx>
• Date: Tue, 28 Feb 2006 14:11:04 -0800 (PST)

---

Hi all,

We need to audit disabled account, expired account and
password changes. I enabled auditing domain policy to
audit account management success and failure events
(also logon). But, nothing is logged on the event log
as posted on the MS site.

FMT_MTD.1(c)

CAPP ? 5.4.5
All modifications to the values of TSF data (user
security attributes - including the new value of the
TSF data)
Category: Policy change

608 ? User right assigned.

609 ? User right removed.

Category: Account management

624 ? User account created.

625 ? User account type changed.

626 ? User account enabled.

629 ? User account disabled.

630 ? User account deleted.

I just doisabled two accounts and enabled them. No
event 629 & 626 logged in the security log.

Is something I missed?

Thanks for your help as it's urgent.

Peter


__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

---

• Prev by Date: Password Change Management
• Next by Date: Re: Avoiding tunnels
• Previous by thread: Password Change Management
• Next by thread: Re: Audit account (Windows 2000 AD)
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Windows Passwords ... "Windows Vista for Dummies" manual. ... I started by creating a test user account. ... The reason I say this is that, when I turned the Guest ... (microsoft.public.windows.vista.general) Re: Help Me Understand User Accounts ... When you log off and log back in as the limited user you'll be able to ... you'll need to set up a new email account (under the new ... limited user account) the same as you had before, ... Administrator accounts are the default type of account ... (microsoft.public.windowsxp.security_admin) Re: Windows Service Account ... you can use the find IIDentity to the user to give folder permissions ... The OP does not need to find which user account is running the Windows ... Local System account has mighty ... (microsoft.public.dotnet.general) Re: DC Temporarily Off-line, Remaining DC Struggling ... suspects this issue is related to the account and roaming profile. ... Please make sure all user accounts are replicated to win2k3 DC. ... Does this issue only occurs if the user account uses ... (microsoft.public.windows.server.active_directory) Re: Logoff / Slow Bootups / Outlook attachements / Outlook Not res ... When you logon the problematic user account on the good user's computer, ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... (microsoft.public.windows.server.sbs)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > security-basics  > 2006-03