NTBugtraq And NTSecurity Archives: Re: AuditBaseObjects set rev

Re: AuditBaseObjects set reveals Event 560 Object Access Audit when Taskmanager is running


Subject: Re: AuditBaseObjects set reveals Event 560 Object Access Audit when Taskmanager is running
From: David LeBlanc (dleblancMINDSPRING.COM)
Date: Tue Dec 07 1999 - 12:44:36 CST


At 12:10 AM 12/7/99 -0800, Gary Kuyat wrote:
>In the TechNet article "Securing Windows NT 4.0 Installation" the following
>entry appears:
>
>----
>Auditing Base Objects
>To enable auditing on base system objects, add the following key value to
>the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa:
[snip]

>Once this entry is set, and Auditing "File and Object Access" failures is
>enabled, bringing up the Task Manager will cause the following entry to
>appear in the Security Log approximately once a second:

I believe that this setting is also documented as causing large volumes of
log entries. However, now that I look, I can't find this anywhere in the
KB. My understanding is that this is the reason this isn't on by default,
and that you'd only turn it on to do specific debugging.

I'll look into why this isn't documented in the TechNet article.

David LeBlanc
dleblancmindspring.com


