Windows Security Logging and Other Esoterica
thoughts from the Windows auditing team
December 2005 - Posts
Whetting your appetite for Windows Vista
20 December 05 05:19 PM
|
Eric Fitzgerald
|
0 Comments
Here's a cut & paste from one of my Vista machines. This is one of our new events. I'm including the human-formatted view which you'll see in Event Viewer, and the XML view that apps will see (you can see this in the Viewer, too, if you're into that).
Read More...
What the heck are "Primary User" and "Client User"?
16 December 05 10:01 AM
|
Eric Fitzgerald
|
1 Comments
Windows has a feature called "impersonation", by which a process running as one user account can assume, on a single thread, the identity of another logged-on user account, for purposes of performing some action on behalf of the second account. This makes
Read More...
EU Passes New Log Retention Rule for Telcos
14 December 05 12:55 PM
|
Eric Fitzgerald
|
0 Comments
The BBC reports that the European Parliament has approved rules, as an anti-terror measure, to require telephone companies to retain call and internet records for two years. I do not know if Windows-powered telephony switches exist, but even if they do
Read More...
Setting SACLs on Services
09 December 05 09:46 AM
|
Eric Fitzgerald
|
0 Comments
Have you ever wanted a record of admin activity regarding service management? For example, who stopped one of your services? Did you know that you can do this through auditing? It's actually really easy. The "Security Templates" MMC snap-in allows you
Read More...
Auditing Flaw in Microsoft SQL Server 2000
05 December 05 04:26 PM
|
Eric Fitzgerald
|
0 Comments
http://support.microsoft.com/default.aspx?scid=kb;en-us;910741
Read More...
Privilege Use- what do we audit, and when?
05 December 05 04:06 PM
|
Eric Fitzgerald
|
0 Comments
Odd thing today- I got two questions about the obscure " FullPrivilegeAuditing " registry setting- so I thought I'd post my answer. Some of this is not new, I posted on the Windows Server 2003 SP1 changes to auditing a while back. Events ID 577 and 578
Read More...
Search
Go
This Blog
Home
Email
Tags
ACS
Descriptions
HowTo
Laws
News
Previews
Privacy
Rants
SEM
Tips
Tools
Archives
April 2008 (2)
March 2008 (1)
February 2008 (3)
January 2008 (1)
November 2007 (1)
October 2007 (2)
August 2007 (5)
July 2007 (3)
June 2007 (2)
May 2007 (3)
April 2007 (1)
February 2007 (3)
October 2006 (1)
September 2006 (2)
August 2006 (2)
June 2006 (1)
May 2006 (2)
March 2006 (3)
December 2005 (6)
November 2005 (2)
September 2005 (3)
August 2005 (11)
January 2005 (1)
December 2004 (2)
October 2004 (1)
Syndication
RSS 2.0
Atom 1.0