[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Audit Policy: Logon-Logoff: Logoff (Failure)

ID: oval:org.secpod.oval:def:19074Date: (C)2014-05-29   (M)2021-06-02
Class: COMPLIANCEFamily: windows




Auditing of Logon-Logoff: Logoff events on failure should be enabled or disabled as appropriate. Audit Logon, which determines whether the operating system generates audit events when a user attempts to log on to a computer. These events are related to the creation of logon sessions and occur on the computer that was accessed. For an interactive logon, events are generated on the computer that was logged on to. For a network logon, such as accessing a share, events are generated on the computer that hosts the resource that was accessed. The following events are recorded: * Logon success and failure. * Logon attempts by using explicit credentials. This event is generated when a process attempts to log on an account by explicitly specifying that account's credentials. This most commonly occurs in batch configurations such as scheduled tasks, or when using the Runas command. * Security identifiers (SIDs) are filtered. Logon events are essential to tracking user activity and detecting potential attacks. Fix: (1) GPO: Commandline: auditpol.exe (2) REG: NO INFO

Platform:
Microsoft Windows Server 2008 R2
Reference:
CCE-11113-8
CPE    1
cpe:/o:microsoft:windows_server_2008:r2
CCE    1
CCE-11113-8

© SecPod Technologies