Re: Security Event Messages

From: Rob (Rob_at_discussions.microsoft.com)
Date: 11/05/04

• Next message: Alun Jones [MSFT]: "Re: win2k3 and isa2k vulnerability scan"
• Previous message: Steven L Umbach: "Re: Administrator password"
• In reply to: Steven L Umbach: "Re: Security Event Messages"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 4 Nov 2004 16:19:07 -0800

Steven,

Thank you for your reply. I did come across the website you provided which
was helpful but I do need some more in-depth.

Does anyone know of other resources?

Thanks

"Steven L Umbach" wrote:

> I don't know of one good reference but the one below is a good start.
>
> http://www.microsoft.com/technet/security/guidance/secmod144.mspx
>
> Event ID 618 "Encrypted Data Recovery policy changed, means that someone
> changed the Group Policy settings for EFS Recovery Agent in a Group Policy
> that affects that computer. Gpresult can be helpful in determining what
> Group Policies apply to a computer.
>
> Event ID 612 "An audit policy was changed" means what it says in that the
> audit policy was changed. Since system made the changes both events were
> probably generated by Group Policy applied to the computer at the domain or
> Organizational Unit level. Event Viewer will show an event when security
> policy was last applied. --- Steve
>
> "Rob" <Rob@discussions.microsoft.com> wrote in message
> news:75656934-AF71-4626-A16C-F7A15206C6DE@microsoft.com...
> > Hello,
> >
> > Does anyone know of a good reference (web or book) that gives the
> > meaning/definition of security event messages? I referenced Microsoft's
> > web
> > site but does not provide what I need.
> >
> > Example:
> > Event ID 618 "Encrypted Data Recovery policy changed." What does this
> > mean?
> > How was this generated?
> >
> > Event ID 612 "An audit policy was changed." I see quite a bit of these
> > entries but no changes were made in the policy; this was generated by
> > system
> > account. I need a reference that explains why this happens and what it
> > does?
> >
> > Any thoughts on a good reference for what I am looking for?
> >
> > Thanks
>
>
>

---

• Next message: Alun Jones [MSFT]: "Re: win2k3 and isa2k vulnerability scan"
• Previous message: Steven L Umbach: "Re: Administrator password"
• In reply to: Steven L Umbach: "Re: Security Event Messages"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Security Event Messages ... I don't know of one good reference but the one below is a good start. ... changed the Group Policy settings for EFS Recovery Agent in a Group Policy ... > meaning/definition of security event messages? ... (microsoft.public.security) Re: Local policy of this system does not permit you to logon interactively ... I did what you suggested just now and I did not see any reference to ... domain group policy has defined the same setting. ... that a domain group policies has defined this right. ... GPO: ... (microsoft.public.windows.server.sbs) Re: How do I setup a Domain-Wide Legal Notice message for login? ... Group Policy ... > I found a reference in the KB to a legal notice registry key, ... (microsoft.public.win2000.security) Expanding knowledge of Group Policy ... Where can I get a good reference to start learning more ... practises and procedures to group policy? ... (microsoft.public.win2000.group_policy) Re: HELP - cannot install updates on users computers ... However, if you want to take a look in group policy, the section ... firewall/security software are you running on these desktops? ... Network policy settings prevent you from using this website ... (microsoft.public.windows.server.sbs)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)