Re: logon and account logon audit events

From: djc (noone_at_nowhere.com)
Date: 09/30/04


Date: Thu, 30 Sep 2004 14:46:21 -0400

Hey Steven,
Thanks for the reply. Please see inline for clarification questions. You
also replied to a different issue I had with regard to misinformation with
this same book. I don't know why I'm still reading it.

"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:WIX6d.82369$wV.39078@attbi_s54...
> You are correct. Account logon events are recorded on the computer that
> authenticates the user
(ok.. yep)
> - domain controller for domain user and local
> computer for local account
(ok.. yep.. still with you).
> Logon events are recorded when a user accesses a share
(A: with you but with question; see below)
> or logs onto a domain computer
(B: this is where I need clarification: what exactly do you mean by 'logs
onto a domain computer'?).
> --- Steve

A: where would this type be logged? in the security log of the system
running the server.exe service?
B: what constitutes logging on to a domain computer in this context? opening
up a mapped drive? navigating through network neighborhood to a server
share? using a UNC path to a server share? When I read your response I feel
like I'm with you all the way until this last part really, because 'logs
onto a domain computer' sounds like a ctr+alt+del interactive login to me.

I know, I'm hard headed... but I appreciated your help. I will read the
links you provided as well. Thanks.

>
> http://www.microsoft.com/technet/security/guidance/secmod144.mspx --
> probably better source than your book.
>
> http://www.amazon.com/exec/obidos/ASIN/0735618682/qid%3D1030669239/sr%3D11-1/ref%3Dsr%5F11%5F1/104-2211302-2359957
> -- good book on Microsoft security.
>
> "djc" <noone@nowhere.com> wrote in message
> news:uDi47LxpEHA.132@TK2MSFTNGP14.phx.gbl...
> >I just had a book tell me that Logon Events were users interactively
> > logging onto a computer or the domain (after hitting ctr+alt+del, for
> > example) and that Account Logon events were users connecting to remote
> > machines for resource usage (connecting to a shared folder, for example)
> >
> > isn't this backwards? isn't the opposite the truth?
> >
> >
>
>
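
Added example, not part of either poster's message: a small correlation over constructed events showing which machine records which audit category for a domain user and for a local account. The host names (DC1, WS7, FS2), the users and the timestamps are made up, the event set is simplified, and the event IDs are the current Windows numbers with the 2004-era ones noted in comments.

```python
from collections import namedtuple

# "Account logon" = credential validation, logged by the authenticating machine.
ACCOUNT_LOGON = {4768, 4769, 4776}   # Windows 2000/2003 IDs: 672, 673, 680
# "Logon" = a logon session created on the machine being accessed.
LOGON = {4624}                       # Windows 2000/2003 IDs: 528 and 540
LOGON_TYPES = {2: "interactive", 3: "network"}

Event = namedtuple("Event", "time computer event_id user logon_type")

# Constructed sample (seconds since an arbitrary start), not real log data.
SAMPLE = [
    Event(100, "DC1", 4768, "CORP\\alice", None),  # DC issues Kerberos TGT
    Event(101, "WS7", 4624, "CORP\\alice", 2),     # ctrl+alt+del at WS7
    Event(160, "DC1", 4769, "CORP\\alice", None),  # service ticket for FS2
    Event(161, "FS2", 4624, "CORP\\alice", 3),     # share access on FS2
    Event(300, "WS7", 4776, "WS7\\bob", None),     # local SAM validates bob
    Event(301, "WS7", 4624, "WS7\\bob", 2),        # bob logs on at WS7
]

def categories_by_computer(events):
    """Map each computer to the audit categories found in its security log."""
    out = {}
    for e in events:
        if e.event_id in ACCOUNT_LOGON:
            out.setdefault(e.computer, set()).add("account logon")
        elif e.event_id in LOGON:
            out.setdefault(e.computer, set()).add("logon")
    return out

def trace_logons(events, window=30):
    """Pair each logon event with the machine that authenticated the user.

    The authenticator is taken to be the source of the latest account logon
    event for the same user within `window` seconds before the logon.
    """
    rows = []
    for e in events:
        if e.event_id not in LOGON:
            continue
        prior = [a for a in events
                 if a.event_id in ACCOUNT_LOGON and a.user == e.user
                 and 0 <= e.time - a.time <= window]
        auth = max(prior, key=lambda a: a.time).computer if prior else None
        kind = LOGON_TYPES.get(e.logon_type, "other")
        rows.append((e.user, e.computer, kind, auth))
    return rows
```
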


