RSS Windows Security Logging and Other Esoterica
Original site: http://blogs.msdn.com/ericfitz/default.aspx
Tags: windows security other logging esoterica
Content updates for "Windows Security Logging and Other Esoterica"
Total: 29 posts (since 2008-01-10)
Update rate: about 7 posts/year, last updated 981 days ago
Windows Security Logging and Other Esoterica
I've written twice (here and here) about the relationship between the "old" event IDs (5xx-6xx) in ws03 and earlier versions of Windows, and between the "new" security event IDs (4xxx-5xxx) in Vista and beyond. In short, eventid(ws03) + 4096 = eventid(ws08) for almost all security events in ws03. The exceptions are the logon events. The logon success eve... (311 days ago)
Fadi, Ned and Brian of the auditing team have documented all the auditing events by audit policy category and subcategory for your reference. Check it out in the Knowledge Base. Even better, they documented all the events in spreadsheet format, and that's propagating to the Microsoft Download Center. I'll publish the link when it's online. 2008-04-17 UPD... (311 days ago)
I've written before on noise reduction in the Windows security event log. I've also written to describe how object access auditing works. But, I still get questions on how to reduce noise from object access events. The other day I got that question, specific to Directory Service objects, on an internal discussion list so I thought I'd clean up the answer... (311 days ago)
I get the question fairly often, how to use the logon events in the audit log to track how long a user was using their computer and when they logged off. As I have written about previously, this method of user activity tracking is unreliable. It works in trivial cases (e.g. single machine where the user doesn't have physical access to the power switch or... (311 days ago)
I get a lot of questions about how ACS event retention works. So here you go, I'm blogging it so I can just answer with a link :-) There are two DWORD registry values which affect backlog transmission. Both are on the collector machine under HKLM\System\CurrentControlSet\Services\AdtServer\Parameters. EventRetentionPeriod, if present, is expressed in hou... (311 days ago)
We got several reports recently of a bug in ACS that certain DS Access events, primarily for dnsNode and dnsZone objects, don't properly get looked up. Some background: the event log in Windows prefers to log invariants such as message IDs, parameter message IDs, SIDs (security IDs which represent users and groups, etc.), and GUIDs (globally unique IDs w... (311 days ago)
A judge in New Zealand declined to convict the admitted (guilty plea) botherder of a million-bot botnet, citing the negative consequences a conviction would have on the young man's future prospects. See the story here. Well duh. The whole theory of crime and punishment is that if you do something bad, you get punished, and punishment is something that is... (311 days ago)