Re: AZMan auditing
From: Chaitanya D. Upadhyay [MS] (chaitu_at_online.microsoft.com)
Date: 10/22/03
- In reply to: Christopher Kish: "AZMan auditing"
Date: Wed, 22 Oct 2003 13:09:46 -0700
AzMan XML store auditing is granular to the AzAuthorizationStore object
only. The audit will not contain what information changed. AD provides the
granularity to AzApplication object level. Version 2 of AzMan will provide
finer granularity.
-- Chaitanya D. Upadhyay [MS] --
This posting is provided "AS IS" with no warranties, and confers no rights.
To reply to this email, please use the newsgroup.

"Christopher Kish" <kishme@integic.com> wrote in message
news:044c01c38dca$963a76f0$a101280a@phx.gbl...
> I am looking at using AZMan (authorization manager) for
> application security. I have a requirement to audit
> changes made to the security store such that an auditor
> can view the user who changed the store and what was
> changed. I also must provide the application in an
> environment that may not have Windows 2003 Active
> Directory capabilities. I chose to test AZman using an
> XML data store. I've followed the instructions in the
> help file regarding enabling auditing, by doing the
> following:
>
> 1: Create a security store (in my case c:\test.xml)
> 2: Enable object auditing in security policy (I have
> local success and fail turned on for object access)
> 3: Allow use of "Generate Security Audits" and "Manage
> Auditing and Security Log" system privileges (assigned to
> Administrators group - I am logged in as an administrator)
> 4: Check "Runtime application initialization auditing"
> and "Runtime client context and access check auditing"
> checkboxes (both are checked).
>
> I have been unable to get any meaningful audits out of
> the authorization manager. I see events indicating that
> I accessed the file using the mmc process, but there is
> no information about what exactly was changed. Is this
> normal and what is considered auditing? If so, it
> doesn't give auditors a very good view into what was done
> to the authorization store. If this is not normal, what
> else should I check?
>
> Many thanks,
> Chris