Windows Security Logging and Other Esoterica

Here's a cut & paste from one of my Vista machines. This is one of our new events. I'm including the human-formatted view which you'll see in Event Viewer, and the XML view that apps will see (you can see this in the Viewer, too, if you're into that). Read More...

Windows has a feature called "impersonation", by which a process running as one user account can assume, on a single thread, the identity of another logged-on user account, for purposes of performing some action on behalf of the second account. This makes Read More...

The BBC reports that the European Parliament has approved rules, as an anti-terror measure, to require telephone companies to retain call and internet records for two years. I do not know if Windows-powered telephony switches exist, but even if they do Read More...

Have you ever wanted a record of admin activity regarding service management? For example, who stopped one of your services? Did you know that you can do this through auditing? It's actually really easy. The "Security Templates" MMC snap-in allows you Read More...

http://support.microsoft.com/default.aspx?scid=kb;en-us;910741 Read More...

Odd thing today- I got two questions about the obscure " FullPrivilegeAuditing " registry setting- so I thought I'd post my answer. Some of this is not new, I posted on the Windows Server 2003 SP1 changes to auditing a while back. Events ID 577 and 578 Read More...