Re: Security Auditing on Windows 2003 Server

From: Derek Melber [MVP] (derekm_at_braincore.net)
Date: 04/17/04

  • Next message: Roger Abell: "Re: permission denied on overwriting files (2003)" 
    Date: Fri, 16 Apr 2004 16:17:17 -0700

    yeah... events are recorded at the computer where the activity occurs. Now,
    if you are just looking at domain logons... this will occur on the DCs (all
    of them!). There will also be events on the client computer, but they should
    match the DCs. If you want more than just the logons to the domain... you
    will need to setup an elaborate scheme for what to log and how to audit the
    logs.

    I just wrote an article that might help with this. Check out:

    http://mcpmag.com/features/article.asp?EditorialsID=407 

    -- 
Derek Melber
BrainCore.Net
derekm@braincore.net
"sheep99dog" <sheep99dog@go.com> wrote in message
news:c5pnb001a1j@news1.newsguy.com...
> Have a small Windows 2000 network with a Windows 2003 server.  User
> authentication is set up to be done on the server.  We are required to
audit
> security failures; things like login failures, etc., and would prefer that
> all security relevant events be recorded on the server.  That way,
> performing the security audit only requires inspection on the server
> machines.  Unfortunately, it appears that security events (as reported in
> the Event Log) are recorded on the client machines, and NOT on the server.
> This puzzles me.  Can anyone help?
>
>
  • Next message: Roger Abell: "Re: permission denied on overwriting files (2003)"

    Relevant Pages

    • Re: compacting servers
      ... DC/DNS/DHCP/WINS on one server, assuming the same person or group of person ... Remember that the DCs are the walls of your security. ...
      (microsoft.public.windows.server.active_directory)
    • DC on Exchange Server?
      ... I was told that it was a security issue to have the AD DC on my exchange ... I also have two other DCs in my domain, would it be a bad thing to ... do a DCPromo and remove the DC from my Exchange server. ...
      (microsoft.public.exchange2000.admin)
    • security-basics Digest of: get.123_145
      ... VPN to ASP a security risk? ... Re: Multiple IPSec tunnels? ... Subject: Security NT Server ... VPN to ASP a security risk? ...
      (Security-Basics)
    • << SBS News of the week - Sept 26 >>
      ... And he points to the info you need to put the file on the server in the ... at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... by the firewall at risk. ...
      (microsoft.public.backoffice.smallbiz2000)
    • Re: << SBS News of the week - Sept 26 >>
      ... > And he points to the info you need to put the file on the server in the ... > at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... An attacker can exploit these flaws in tandem via specially ...
      (microsoft.public.backoffice.smallbiz2000)