Welcome to MSDN Blogs Sign in | Join | Help

May 2007 - Posts

The Trouble With Logoff Events

A lot of you guys probably are using your SEM/SEIM systems to record logon and logoff activity without much of a second thought. I just thought I'd bring one problem to your attention. Logoff events are not strictly reliable. From an engineering sense Read More...
Posted Tuesday, May 08, 2007 1:37 PM by Eric Fitzgerald | 2 Comments
Filed under: , ,

Enumerating Stuff in AD when all you see is GUIDs in Audit Records

A lot of things in Active Directory audit events show up as GUIDs but are not translated. Why is that? Well, the Event Viewer in Windows only translate one kind of AD guid, the objectGUID. However AD uses GUIDs in several ways. For instance, group policy Read More...
Posted Thursday, May 03, 2007 1:19 PM by Eric Fitzgerald | 0 Comments
Filed under:

Auditing the Creation of Domain Controllers

Special thanks to Raman in the Active Directory team for this one. Ever want to audit the creation of new domain controllers in your environment? Yeah, me neither :-) However if you ever want to, here's how. 1. The default SACL on Active Directory should Read More...
Posted Thursday, May 03, 2007 11:36 AM by Eric Fitzgerald | 0 Comments
Filed under:
 
Page view tracker