auditing question
From: djc (noone_at_nowhere.com)
Date: 05/17/04
- Next message: News Users: "Re: Macro Certificates with Enterprise Server"
- Previous message: Keith W. McCammon: "Re: Public facing IIS/MSSQL servers in AD?"
- Next in thread: Marin Marinov: "Re: auditing question"
- Reply: Marin Marinov: "Re: auditing question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 17 May 2004 10:12:59 -0400
Win 2000 Server sp4 (single site domain) - the audit policies I'm refering
were created in 'domain security policy'.
I have 'account logon' enabled to audit failed account logon attempts. I
tested and it worked. However I also enabled the auditing of 'logon' events
(failed) and it itsn't doing what I expect. If I'm remembering correctly
'account logon' is only the actuall domain login process (eg.. after
ctrl+alt+del.. logon screen) and 'logon' is after the account logon. For
example 'logon' would be connecting to a network share or printer.
1) please correct me if I'm wrong on diff between 'logon' and 'account
logon'.
2) When testing by trying to connect to a share I don't have access to (I
recieve 'access denied' error message) nothing is logged in the event viewer
security log? Whats wrong? Do 'logon' events have to be used in conjunction
with 'object access' events?
any help is appreciated. Thanks.
- Next message: News Users: "Re: Macro Certificates with Enterprise Server"
- Previous message: Keith W. McCammon: "Re: Public facing IIS/MSSQL servers in AD?"
- Next in thread: Marin Marinov: "Re: auditing question"
- Reply: Marin Marinov: "Re: auditing question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
