AZMan audits with XML data store
From: Christopher Kish (kishme_at_integic.com)
Date: 10/03/03
- Next message: Neil Kolban: "Newbie: Need some pointers; architecture/APIs for protecting application owned resources"
- Previous message: Alun Jones [MS MVP]: "Re: Windows 2003 + Certificate Store + AcquireCredentialsHandle + SEC_E_UNKNOWN_CREDENTIALS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 3 Oct 2003 12:23:26 -0700
I am looking at using AZMan (authorization manager) for
application security. I have a requirement to audit
changes made to the security store such that an auditor
can view the user who changed the store and what was
changed. I also must provide the application in an
environment that may not have Windows 2003 Active
Directory capabilities. I chose to test AZman using an
XML data store. I've followed the instructions in the
help file regarding enabling auditing, by doing the
following:
1: Create a security store (in my case c:\test.xml)
2: Enable object auditing in security policy (I have
local success and fail turned on for object access)
3: Allow use of "Generate Security Audits" and "Manage
Auditing and Security Log" system privileges (assigned to
Administrators group - I am logged in as an administrator)
4: Check "Runtime application initialization auditing"
and "Runtime client context and access check auditing"
checkboxes (both are checked).
I have been unable to get any meaningful audits out of
the authorization manager. I see events indicating that
I accessed the file using the mmc process, but there is
no information about what exactly was changed. Is this
normal and what is considered auditing? If so, it
doesn't give auditors a very good view into what was done
to the authorization store. If this is not normal, what
else should I check?
Many thanks,
Chris
- Next message: Neil Kolban: "Newbie: Need some pointers; architecture/APIs for protecting application owned resources"
- Previous message: Alun Jones [MS MVP]: "Re: Windows 2003 + Certificate Store + AcquireCredentialsHandle + SEC_E_UNKNOWN_CREDENTIALS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
