Re: missing key/value in registry of w2k server - hot to track it?
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: Mon, 13 Jun 2005 00:17:22 -0700
If the disappearing key/value is recurring, happening over
and over each time you reestablish the key/value, then you
could consider increasing the size of the security log, making
sure that the auditing ACL of the relevant key is set to record
any change events for Everyone, and that the audit policy is
set to record success and failure for object access.
Other than that there really is no record of what has happened,
at least not in a standard fashion (ex. some software may have
written a custom log file).
-- Roger Abell Microsoft MVP (Windows Security) "kono" <firstname.lastname@example.org> wrote in message news:F720537B-641E-4A55-84B6-30AB99AF2BC9@microsoft.com... > Hi Roger, > The event log didn't cater when the problem was occured since I found that > the oldest system/security event log was cleaned up and remain only 3 days > ago. The problem was encountered 6 days ago.....please advise... > > "Roger Abell [MVP]" wrote: > > > The main way to uncover such things is the event log if there was > > auditing configured before the event occurred. After it is done and > > the change has happened there is little trace that remains, but one > > can always examine the system for unknown/suspect software. > > > > -- > > Roger Abell > > Microsoft MVP (Windows Server: Security) > > > > "kono" <email@example.com> wrote in message > > news:B8A63223-0A8A-41EB-90F5-468450A5BA44@microsoft.com... > > > wi there, > > > Recently I have a problem that the key included the value in registry had > > > been deleted / missing but I can not find why or by who? My question is > > > perharps there is a way to zoom in why it could be happened and how to > > > track > > > the causing of missing key/value in registry. Is there any tools to help > > > it > > > out? Thanks for your help..... > > > > > >