System Audit
From: michael (noemail@bleh.com)
Date: 07/09/02
- Next message: Bill Stewart: "Re: SAM - Security Account Manager - what is it? and how would I know if it's corrupt?"
- Previous message: michael: "SAM - Security Account Manager - what is it? and how would I know if it's corrupt?"
- In reply to: TA: "System Audit"
- Next in thread: andy: "System Audit"
- Reply: andy: "System Audit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "michael" <noemail@bleh.com> Date: Tue, 9 Jul 2002 13:05:47 -0700
which platform? nt4, win2k?
for nt4:
- open usrmgr against the machine(s) in question.
- fromt he pull down menu, select policies --> audit
- check the "audit these events" box
- check the success and failures options for "restart,
shutdown, and system"
these events will now be logged in the event log.
for win2k:
- open the "local security policy" mmc
- choose computer configuration --> windows setttings -->
local policies --> audit policy
- enable success and failures for "audit system events"
>-----Original Message-----
>I was curious if anyone knows if you can audit a specific
>event. I just want to audit system shutdown and who might
>be doing that. I know it's probably a easy question I'm
>more of a developer but the admin left the company and
>just doing so basic stuff until a new one is hired.
>
>
>.
>
- Next message: Bill Stewart: "Re: SAM - Security Account Manager - what is it? and how would I know if it's corrupt?"
- Previous message: michael: "SAM - Security Account Manager - what is it? and how would I know if it's corrupt?"
- In reply to: TA: "System Audit"
- Next in thread: andy: "System Audit"
- Reply: andy: "System Audit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
