Re: Event Viewer
From: Kenneth Bryant (kbryant_at_checksinthemail.com)
Date: 04/26/05
- Next message: Kenneth Bryant: "Logon Problem"
- Previous message: Roger Abell: "Re: logging data accessed by user"
- In reply to: Steven L Umbach: "Re: Event Viewer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 26 Apr 2005 09:15:06 -0500
thank you.
"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:uDX2EOgSFHA.3988@tk2msftngp13.phx.gbl...
> It all depends on your security policy and needs for your situation. At
bare
> minimum it is a good idea to enable in Domain Controller Security Policy -
> auditing of "account logon" events for success and failure, system events
> for success and failure, logon events for failure, account management for
> success and failure, and policy change for success and failure. For domain
> computers auditing of "logon" events for success and failure, system
events
> for success and failure, policy change for success and failure, and
account
> management for success and failure is a good idea. Make sure the size of
the
> security logs has been increased quite a bit from default. The link below
> should be helpful. --- Steve
>
>
http://www.microsoft.com/technet/security/prodtech/windows2000/secmod144.mspx
>
> "Kenneth Bryant" <kbryant@checksinthemail.com> wrote in message
> news:%23OHLYrdSFHA.2520@TK2MSFTNGP09.phx.gbl...
> > We are running Win2k With AD. Does anybody know what are the best
events
> > to
> > look for when tracking possible security breaches? Is there a website
> > that
> > has what event id's to look for?
> >
> > Thanks,
> >
> > Kenneth
> >
> >
>
>
- Next message: Kenneth Bryant: "Logon Problem"
- Previous message: Roger Abell: "Re: logging data accessed by user"
- In reply to: Steven L Umbach: "Re: Event Viewer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
