Re: Security Event Log
From: Eric Fitzgerald [MS] (ericf@online.microsoft.com)
Date: 08/13/02
- Next message: Nether: "Installing OCX requires ADMIN PRIVS?"
- Previous message: Pharmacy: "Re: FTP Site won't work"
- In reply to: Jim Campau \(A+ MCSE\): "Re: Security Event Log"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Eric Fitzgerald [MS]" <ericf@online.microsoft.com> Date: Tue, 13 Aug 2002 11:10:59 -0700
Also, there is a class of bugs called "token leaks", where an application
fails to properly dispose of acquired tokens and therefore no logoff event
is generated. We added a new event for Windows .NET Server ("begin logoff")
that helps to cause the audit log to be consistent even in the presence of
such bugs.
Eric
-- Eric Fitzgerald Program Manager, Windows Auditing and Intrusion Detection Microsoft Corporation "Jim Campau (A+ MCSE)" <Jim_Campau@bausch.com> wrote in message news:uUuc2zLOCHA.1660@tkmsftngp08... > If a user logs on to the system then is disconnected; then he did not log > off. Sure the user is in effect logged off by the system / or timed out but > the actual log off event never takes place. > > > "Komfort IT" <it_koe@hotmail.com> wrote in message > news:Oi$AdoLOCHA.1980@tkmsftngp12... > > Hello, > > > > Would I be correct in assuming that for EVERY 540 event there should also > be > > a appropriate 538 event. > > > > I am trying to match 540 events to 538 events by comparing the Username > and > > LogonID. Should there always be a matching pair? > > > > Regards, > > > > Gavin Faux > > Systems Developer > > Komfort Office Environments plc > > > > > >
- Next message: Nether: "Installing OCX requires ADMIN PRIVS?"
- Previous message: Pharmacy: "Re: FTP Site won't work"
- In reply to: Jim Campau \(A+ MCSE\): "Re: Security Event Log"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
