Audit Policy: Account Management: Other Account Management Events (Failure)ID: oval:org.secpod.oval:def:19013 | Date: (C)2014-05-29 (M)2021-06-02 |
Class: COMPLIANCE | Family: windows |
Auditing of Account Management: Other Account Management Events events on failure should be enabled or disabled as appropriate.
Audit Other Account Management Events, which determines whether the operating system generates user account management audit events. Events can be generated for user account management auditing when: * The password hash of an account is accessed. This typically happens when the Active Directory Migration Tool (ADMT) is moving password data. * The Password Policy Checking application programming interface (API) is called. Calls to this function could be part of an attack from a malicious application that is testing whether password complexity policy settings are being applied. * Changes are made to domain policy under Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy or Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy.
Fix:
(1) GPO: Commandline: auditpol.exe
(2) REG: NO INFO
Platform: |
Microsoft Windows Server 2008 R2 |