Re: startup/shutdown events not being logged

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/14/05 

Date: Wed, 13 Apr 2005 18:04:43 -0500

First make sure you are looking in the security log for those events in the
domain computers themselves. If they are still not showing check Local
Security Policy on one of the computers - secpol.msc to see if the policy
has propagated or not. If it has in XP Pro then you will not be able to
change it in Local Security Policy. If the local policy can not be changed
but is different then you expect then possibly policy is being applied at a
different level such as the Organizational Unit level if the computers are
not in the default computers container. You can run the support tool
gpresult on a domain computer and it will show what Group Policies have been
applied to a domain computer and the last time they were applied. Using the
Resultant Set of Policy mmc snapin in logging mode from the domain
controller can show you exactly what policy is being applied to a domain
computer and what Group Policy is applying it --- Steve

<eric.hall@gmail.com> wrote in message
news:1113419990.167189.216090@z14g2000cwz.googlegroups.com...
> on Wed, 13 Apr 2005 13:53:57 -0500, "Steven L Umbach"
> <n...@nospam-comcast.net> wrote:
>
>> I tired the same thing and I find that I get events 513, 514, 515
>
> Those would be good enough for my purposes but I don't even get them.
> None of the major system events seem to be getting triggered here, even
> though the audit policy is enabled. Is there a second switch somewhere
> that I have to flip?
>

Relevant Pages

  • Re: Basic Security Help
    ... > a network is weak or no passwords followed by malicious user on your ... Be sure to educate users of any pending changes to password policy ... > Windows Updates or using a SUS server to authorize and distribute security ... > network including how to isolate and repair infected computers. ...
    (microsoft.public.security)
  • Re: Preventing users from c onnecting to shares NOT on the domain..
    ... First condition would be to set "Require Security" policy to "Restricted ... These computers could be excluded by IP address, ... > The servers might be located on the same subnet of some of the clients. ...
    (microsoft.public.win2000.networking)
  • Re: Preventing users from c onnecting to shares NOT on the domain..
    ... First condition would be to set "Require Security" policy to "Restricted ... These computers could be excluded by IP address, ... > The servers might be located on the same subnet of some of the clients. ...
    (microsoft.public.win2000.security)
  • Re: Blocking port scans on local network
    ... > additional restrictions for anonymous connections in this security guide. ... > do not recommend applying ipsec policy wide scale without some testing of ... > between domain computers and domain controllers as the domain controllers ...
    (microsoft.public.win2000.security)
  • Re: Security Treats
    ... -- No or poor password and account lockout policy. ... -- Misconfigured operating systems - particularly domain controllers and dns. ... -- Not using Group Policy to manage/enforce Internet Explorer security settings. ... -- Not physically securing sensitive computers, ...
    (microsoft.public.win2000.security)