Re: Class on Rights and Auditing

From: Eric Fitzgerald [MSFT] (ericf_at_online.microsoft.com)
Date: 08/22/05

Next message: aby: "how to avoid auto sign in"

Previous message: Eric Fitzgerald [MSFT]: "Re: Recurring Event Id: 529, Windows 2000 SP4"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 22 Aug 2005 09:30:28 -0700

I believe that Randy Franklin Smith conducts classes on the Windows audit
log.

-- 
This information is provided "AS-IS" with no warranty, and confers no 
rights.
"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message 
news:Osc%23NP9iFHA.3568@TK2MSFTNGP10.phx.gbl...
> There is a lot of information on user rights in the Windows 2003 or XP Pro 
> Security Guides and the Threats and Countermeasures Guide. There is not 
> much to auditing folders and files other that enabling auditing of object 
> access and then configure the permissions to audit on the folder/file 
> properties. What is important is to enable auditing of the least amount of 
> folders/files, for the least amount of permissions, for the most specific 
> groups [avoid users/everyone] to get the job done. Then you have to parse 
> the security log for the object access events that relate to the 
> information you need and that is a bit challenging until you try it for a 
> while experimenting on a computer . The free Microsoft tool Event Comb can 
> help search a security log for specific event ID's and text strings such 
> as for a file/folder/user name. The links below should be helpful. ---  
> Steve
>
> http://www.microsoft.com/technet/security/topics/serversecurity/tcg/tcgch00.mspx   
>  -- chapter 4 is on user rights.
> http://www.microsoft.com/technet/security/default.mspx   --- TechNet 
> Security Center.
> http://support.microsoft.com/default.aspx?scid=kb;en-us;301640    --- how 
> to enable folder/file auditing.
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/50fdb7bc-7dae-4dcd-8591-382aeff2ea79.mspx
>
>
> "tdothawk" <tdothawk@discussions.microsoft.com> wrote in message 
> news:D9C16279-E2F6-46D7-B386-7E507A9EB061@microsoft.com...
>>I am looking for a class that is heavy in rights and rights assignment as
>> well as file and folder auditing.  Any recommendations would be a great 
>> help.
>> Thanks
>
>

Next message: aby: "how to avoid auto sign in"

Previous message: Eric Fitzgerald [MSFT]: "Re: Recurring Event Id: 529, Windows 2000 SP4"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Server 2003 updates fail
... Some how the administrators was removed from Manage auditing and security log in the local security setting. ... > Please verify permissions on the following rights include the built-in ... I was log on as the administrator when getting ...
(microsoft.public.windowsupdate)
Troubleshooting DCOM Error
... I have a VB6 application that runs as a service using the NTSVC control, ... Lock service database for exclusive access ... What appear to be rights it is ... trying to use in the security log do not appear in the Local Security Policy ...
(microsoft.public.win2000.security)
Re: Windows 2003 Power Cfg Permission
... Enabling the auditing of privilege use gave me the info. ... required in order to change Power Options. ... After re-adding the rights to ...
(microsoft.public.windows.server.security)
Re: Error on password reset
... auditing to see what rights are being used during the execution. ... > Windows will attempt to disable this account. ... I'm not getting anything in the security event log, ...
(microsoft.public.windows.server.active_directory)
Re: Account management events audit !!
... This posting is provided "AS IS" with no warranties, and confers no rights. ... >>controllers). ... >>auditing on the default domain policy. ...
(microsoft.public.win2000.active_directory)