AZMan audits with XML data store

From: Christopher Kish (kishme_at_integic.com)
Date: 10/03/03

• Next message: Neil Kolban: "Newbie: Need some pointers; architecture/APIs for protecting application owned resources"
• Previous message: Alun Jones [MS MVP]: "Re: Windows 2003 + Certificate Store + AcquireCredentialsHandle + SEC_E_UNKNOWN_CREDENTIALS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 3 Oct 2003 12:23:26 -0700

I am looking at using AZMan (authorization manager) for
application security. I have a requirement to audit
changes made to the security store such that an auditor
can view the user who changed the store and what was
changed. I also must provide the application in an
environment that may not have Windows 2003 Active
Directory capabilities. I chose to test AZman using an
XML data store. I've followed the instructions in the
help file regarding enabling auditing, by doing the
following:

1: Create a security store (in my case c:\test.xml)
2: Enable object auditing in security policy (I have
local success and fail turned on for object access)
3: Allow use of "Generate Security Audits" and "Manage
Auditing and Security Log" system privileges (assigned to
Administrators group - I am logged in as an administrator)
4: Check "Runtime application initialization auditing"
and "Runtime client context and access check auditing"
checkboxes (both are checked).
 
I have been unable to get any meaningful audits out of
the authorization manager. I see events indicating that
I accessed the file using the mmc process, but there is
no information about what exactly was changed. Is this
normal and what is considered auditing? If so, it
doesn't give auditors a very good view into what was done
to the authorization store. If this is not normal, what
else should I check?

Many thanks,
Chris

• Next message: Neil Kolban: "Newbie: Need some pointers; architecture/APIs for protecting application owned resources"
• Previous message: Alun Jones [MS MVP]: "Re: Windows 2003 + Certificate Store + AcquireCredentialsHandle + SEC_E_UNKNOWN_CREDENTIALS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages AZMan auditing ... changes made to the security store such that an auditor ... Enable object auditing in security policy (I have ... Allow use of "Generate Security Audits" and "Manage ... (microsoft.public.platformsdk.security) Re: AZMan auditing ... AzMan XML store auditing is granular to the AzAuthorizationStore object ... > changes made to the security store such that an auditor ... (microsoft.public.platformsdk.security) Re: System Security Audits ... Security's Auditing Tools and security templates. ... > By system security audits I mean things like checking if computer ... > permissions (not too high or to say if user has restrictive ... (Pen-Test) Re: audit user activity ... you can set filter to view the Security log for a particular user. ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... Right-click Small Business Server Auditing Policy and click Edit. ... (microsoft.public.windows.server.sbs) Re: Wal Mart Kills Suspected Shoplifter in Parking Lot ... >> These were not security guards. ... >> Stores policies encouraged them to take those actions, Wal Mart itself ... >> corporation's policies if the individual store sees fit. ... (alt.gathering.rainbow)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint