Windows Security Logging and Other Esoterica
thoughts from the Windows auditing team
May 2007 - Posts
The Trouble With Logoff Events
08 May 07 01:37 PM | Eric Fitzgerald | 1 Comments
A lot of you guys probably are using your SEM/SEIM systems to record logon and logoff activity without much of a second thought. I just thought I'd bring one problem to your attention. Logoff events are not strictly reliable. From an engineering sense
Read More...
Enumerating Stuff in AD when all you see is GUIDs in Audit Records
03 May 07 01:19 PM | Eric Fitzgerald | 0 Comments
A lot of things in Active Directory audit events show up as GUIDs but are not translated. Why is that? Well, we only translate one kind of AD GUID, the objectGUID. However, AD uses GUIDs in several ways. For instance, group policy objects have a common
Read More...
Auditing the Creation of Domain Controllers
03 May 07 11:36 AM | Eric Fitzgerald | 0 Comments
Special thanks to Raman in the Active Directory team for this one. Ever want to audit the creation of new domain controllers in your environment? Yeah, me neither :-) However, if you ever want to, here's how. 1. The default SACL on Active Directory should
Read More...