Re: Security Auditing on Windows 2003 Server

From: Derek Melber [MVP] (derekm_at_braincore.net)
Date: 04/17/04

  • Next message: Roger Abell: "Re: permission denied on overwriting files (2003)"
    Date: Fri, 16 Apr 2004 16:17:17 -0700
    
    

    yeah... events are recorded at the computer where the activity occurs. Now,
    if you are just looking at domain logons... this will occur on the DCs (all
    of them!). There will also be events on the client computer, but they should
    match the DCs. If you want more than just the logons to the domain... you
    will need to setup an elaborate scheme for what to log and how to audit the
    logs.

    I just wrote an article that might help with this. Check out:

    http://mcpmag.com/features/article.asp?EditorialsID=407

    -- 
    Derek Melber
    BrainCore.Net
    derekm@braincore.net
    "sheep99dog" <sheep99dog@go.com> wrote in message
    news:c5pnb001a1j@news1.newsguy.com...
    > Have a small Windows 2000 network with a Windows 2003 server.  User
    > authentication is set up to be done on the server.  We are required to
    audit
    > security failures; things like login failures, etc., and would prefer that
    > all security relevant events be recorded on the server.  That way,
    > performing the security audit only requires inspection on the server
    > machines.  Unfortunately, it appears that security events (as reported in
    > the Event Log) are recorded on the client machines, and NOT on the server.
    > This puzzles me.  Can anyone help?
    >
    >
    

  • Next message: Roger Abell: "Re: permission denied on overwriting files (2003)"