Re: Event Viewer
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/26/05
- Previous message: Steven L Umbach: "Re: Information on VPN with L2TP"
- In reply to: Kenneth Bryant: "Event Viewer"
- Next in thread: Kenneth Bryant: "Re: Event Viewer"
- Reply: Kenneth Bryant: "Re: Event Viewer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 25 Apr 2005 21:00:23 -0500
It all depends on your security policy and needs for your situation. At bare
minimum it is a good idea to enable in Domain Controller Security Policy -
auditing of "account logon" events for success and failure, system events
for success and failure, logon events for failure, account management for
success and failure, and policy change for success and failure. For domain
computers auditing of "logon" events for success and failure, system events
for success and failure, policy change for success and failure, and account
management for success and failure is a good idea. Make sure the size of the
security logs has been increased quite a bit from default. The link below
should be helpful. --- Steve
http://www.microsoft.com/technet/security/prodtech/windows2000/secmod144.mspx
"Kenneth Bryant" <kbryant@checksinthemail.com> wrote in message
news:%23OHLYrdSFHA.2520@TK2MSFTNGP09.phx.gbl...
> We are running Win2k With AD. Does anybody know what are the best events
> to
> look for when tracking possible security breaches? Is there a website
> that
> has what event id's to look for?
>
> Thanks,
>
> Kenneth
>
>
- Previous message: Steven L Umbach: "Re: Information on VPN with L2TP"
- In reply to: Kenneth Bryant: "Event Viewer"
- Next in thread: Kenneth Bryant: "Re: Event Viewer"
- Reply: Kenneth Bryant: "Re: Event Viewer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
