Windows Security Logging and Other Esoterica

thoughts from the Windows auditing team

Tagged Content List
  • Blog Post: Vista security events get noticed

    Doriansoft noticed that there's a relationship between our pre-Vista security event IDs and our Vista-era security event IDs. For most security events: VistaEventId = PreVistaEventId + 4096. Why is this? We needed to differentiate the Vista events from the pre-Vista events, because we were significantly...
  • Blog Post: Quick Overview of Object Access Auditing in Windows

    A lot of people are unhappy with object access auditing on Windows, because what they want to know is "who touched the object and what did that person do", but what Windows auditing tells you is actually "who touched the object and what did they ask for permission to do". The distinction is subtle, but...
  • Blog Post: Whetting your appetite for Windows Vista

    Here's a cut & paste from one of my Vista machines. This is one of our new events. I'm including the human-formatted view which you'll see in Event Viewer, and the XML view that apps will see (you can see this in the Viewer, too, if you're into that). Look closely - I'll bet you'll be pleasantly...