[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

253164

 
 

909

 
 

197077

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 196303 Download | Alert*

This subcategory reports when registry objects are accessed. Only registry objects with SACLs cause audit events to be generated, and only when they are accessed in a manner matching their SACL. By itself, this policy setting will not cause auditing of any events. It determines whether to audit the event of a user who accesses a registry object that has a specified system access control list (SACL ...

This subcategory reports when kernel objects such as processes and mutexes are accessed. Only kernel objects with SACLs cause audit events to be generated, and only when they are accessed in a manner matching their SACL. Typically kernel objects are only given SACLs if the AuditBaseObjects or AuditBaseDirectories auditing options are enabled. Refer to the Microsoft Knowledgebase article ?Descript ...

This subcategory reports when a user attempts to log on to the system. These events occur on the accessed computer. For interactive logons, the generation of these events occurs on the computer that is logged on to. If a network logon takes place to access a share, these events generate on the computer that hosts the accessed resource. If you configure this setting to No auditing, it is difficult ...

Audit Policy: Privilege Use: Other Privilege Use Events This subcategory is not used. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Privilege Use!Audit Policy: Privilege Use: Other Privilege Use Events (2) REG: NO REGISTRY INFO

This policy setting determines whether the operating system stores passwords in a way that uses reversible encryption, which provides support for application protocols that require knowledge of the user's password for authentication purposes. Passwords that are stored with reversible encryption are essentially the same as plaintext versions of the passwords. This policy setting determine ...

This subcategory reports when a file share is accessed. By itself, this policy setting will not cause auditing of any events. It determines whether to audit the event of a user who accesses a file share object that has a specified system access control list (SACL), effectively enabling auditing to take place. A SACL is comprised of access control entries (ACEs). Each ACE contains three pieces of ...

This subcategory reports other object access-related events such as Task Scheduler jobs and COM+ objects. Events for this subcategory include: ? 4671: An application attempted to access a blocked ordinal through the TBS. ? 4691: Indirect access to an object was requested. ? 4698: A scheduled task was created. ? 4699 : A scheduled task was deleted. ? 4700 : A scheduled task was enabled. ? 4701: A s ...

This subcategory reports changes in policy rules used by the Microsoft Protection Service (MPSSVC.exe). This service is used by Windows Firewall and by Microsoft OneCare. Events for this subcategory include: ? 4944: The following policy was active when the Windows Firewall started. ? 4945: A rule was listed when the Windows Firewall started. ? 4946: A change has been made to Windows Firewall excep ...

This subcategory reports when replication between two domain controllers begins and ends. Events for this subcategory include: ? 4932: Synchronization of a replica of an Active Directory naming context has begun. ? 4933: Synchronization of a replica of an Active Directory naming context has ended. Refer to the Microsoft Knowledgebase article ?Description of security events in Windows Vista and in ...

This subcategory reports the results of AuthIP during Extended Mode negotiations. Events for this subcategory include: ? 4978: During Extended Mode negotiation, IPsec received an invalid negotiation packet. If this problem persists, it could indicate a network issue or an attempt to modify or replay this negotiation. ? 4979: IPsec Main Mode and Extended Mode security associations were established. ...


Pages:      Start    19228    19229    19230    19231    19232    19233    19234    19235    19236    19237    19238    19239    19240    19241    ..   19630

© SecPod Technologies