[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Logon-Logoff: Audit Special Logon

ID: oval:gov.nist.usgcb.windowsseven:def:178Date: (C)2012-04-13   (M)2022-10-10
Class: COMPLIANCEFamily: windows




This policy setting allows you to audit events generated by special logons such as the following : The use of a special logon, which is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level. A logon by a member of a Special Group. Special Groups enable you to audit events generated when a member of a certain group has logged on to your network. You can configure a list of group security identifiers (SIDs) in the registry. If any of those SIDs are added to a token during logon and the subcategory is enabled, an event is logged. For more information about this feature, see article 947223 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=121697). Volume: Low. Default: Success. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon-Logoff\Audit Special Logon events on failure (2) REG: INFO NOT AVAILABLE

Platform:
Microsoft Windows 7
Reference:
CCE-9521-6
CPE    1
cpe:/o:microsoft:windows_7
CCE    1
CCE-9521-6
XCCDF    4
xccdf_nist_benchmark_Windows_7
xccdf_gov.nist_benchmark_USGCB-Windows-7
xccdf_org.secpod_benchmark_cip_std_ver3_Windows_7
xccdf_hippa_benchmark_Windows_7
...

© SecPod Technologies