AZMan auditing

From: Christopher Kish (kishme_at_integic.com)
Date: 10/08/03 

Date: Wed, 8 Oct 2003 11:32:53 -0700

I am looking at using AZMan (authorization manager) for
application security. I have a requirement to audit
changes made to the security store such that an auditor
can view the user who changed the store and what was
changed. I also must provide the application in an
environment that may not have Windows 2003 Active
Directory capabilities. I chose to test AZman using an
XML data store. I've followed the instructions in the
help file regarding enabling auditing, by doing the
following:

1: Create a security store (in my case c:\test.xml)
2: Enable object auditing in security policy (I have
local success and fail turned on for object access)
3: Allow use of "Generate Security Audits" and "Manage
Auditing and Security Log" system privileges (assigned to
Administrators group - I am logged in as an administrator)
4: Check "Runtime application initialization auditing"
and "Runtime client context and access check auditing"
checkboxes (both are checked).
 
I have been unable to get any meaningful audits out of
the authorization manager. I see events indicating that
I accessed the file using the mmc process, but there is
no information about what exactly was changed. Is this
normal and what is considered auditing? If so, it
doesn't give auditors a very good view into what was done
to the authorization store. If this is not normal, what
else should I check?

Many thanks,
Chris

Relevant Pages

  • AZMan audits with XML data store
    ... changes made to the security store such that an auditor ... Enable object auditing in security policy (I have ... Allow use of "Generate Security Audits" and "Manage ...
    (microsoft.public.platformsdk.security)
  • Re: AZMan auditing
    ... AzMan XML store auditing is granular to the AzAuthorizationStore object ... > changes made to the security store such that an auditor ...
    (microsoft.public.platformsdk.security)
  • Re: System Security Audits
    ... Security's Auditing Tools and security templates. ... > By system security audits I mean things like checking if computer ... > permissions (not too high or to say if user has restrictive ...
    (Pen-Test)
  • Re: Event viewer
    ... Why do you want "My Audits size in the Event Viewer is 14MB and the Audits date back to Oct 2003". ... Event Source: Security ... empty, or has one entry in it - "The audit log was cleared ". ... system down with all the unnecessary activity logging. ...
    (microsoft.public.windowsxp.basics)
  • Re: audit user activity
    ... you can set filter to view the Security log for a particular user. ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... Right-click Small Business Server Auditing Policy and click Edit. ...
    (microsoft.public.windows.server.sbs)