WinSecWiki
OVERVIEW: Audit System Events
The Audit system events policy logs several miscellaneous security events.
The following is an excerpt from my book, The Windows Server Security Log Revealed:
System Events are an eclectic mix of system events relevant to security including system startup and shutdown. The Windows security infrastructure is designed to be modular and to facilitate new, plug-in security functionality from Microsoft and third-party vendors. These plug-ins can be authentication packages, trusted logon processes, or notification packages. Because these plug-ins are completely trusted modules of code that augment the operating system, Windows logs each plug-in as it loads, using the events from this category.
For a list of Event IDs generated by this category, see the Security Log Encyclopedia.
Bottom line
Windows XP, 2000 and 2003: I recommend enabling this policy for success on all computers including workstations. We have not observed any failure events in this category.
Windows Server 2008 and Vista: I don't recommend managing audit policy at this level because too much noise is generated. Use subcategories instead.
See Audit Category: System Events (Windows Server 2008 and Vista).
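The recommendation above is to manage audit policy through subcategories on Windows Server 2008 and Vista. As an added example (not from the original article or the book), this PowerShell function reads the current setting of each subcategory under the System category using the built-in auditpol.exe. It assumes an elevated prompt, PowerShell 2.0 or later, and English-language auditpol output; the function name Get-SystemAuditSubcategory is hypothetical.

```powershell
# Added example: report the audit setting of every subcategory in the
# System category. Requires an elevated prompt on Vista / Server 2008 or later.
function Get-SystemAuditSubcategory {
    # /r makes auditpol emit CSV with the columns:
    # Machine Name, Policy Target, Subcategory, Subcategory GUID,
    # Inclusion Setting, Exclusion Setting
    $raw = & auditpol.exe /get /category:"System" /r 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "auditpol failed (exit code $LASTEXITCODE): $raw"
    }

    $raw |
        ForEach-Object { "$_".Trim() } |
        Where-Object { $_ } |            # drop blank lines in the report
        ConvertFrom-Csv |
        Select-Object 'Subcategory',
            @{ Name = 'Setting'; Expression = { $_.'Inclusion Setting' } },
            # Assumption: English setting strings ("Success", "Failure",
            # "Success and Failure", "No Auditing").
            @{ Name = 'Success'; Expression = { $_.'Inclusion Setting' -like '*Success*' } },
            @{ Name = 'Failure'; Expression = { $_.'Inclusion Setting' -like '*Failure*' } }
}

# Show the effective setting per subcategory.
$rows = @(Get-SystemAuditSubcategory)
$rows | Format-Table -AutoSize

# List subcategories that currently log nothing, so each one can be
# reviewed and enabled or left off deliberately.
$silent = @($rows | Where-Object { -not $_.Success -and -not $_.Failure })
if ($silent.Count -gt 0) {
    Write-Warning ("Not audited: " + (($silent | ForEach-Object { $_.Subcategory }) -join ', '))
}
```

If a setting shown here cannot be changed locally, the value is being applied by a Group Policy object and has to be edited there.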
User Comments
by Gloria Spangler from http://www.wrcase.com, added Friday, August 28, 2009

Hello,

I have enabled the Audit System Events on all of my servers and now the users are being locked out.
I tried to change the setting but it is grayed out and won't let me change it. I need help.

Please respond.

Thanks

Gloria
by RandyFranklinSmith..., added Wednesday, September 02, 2009

This setting does not lock out users. If the local policy doesn't allow you to edit it, it means you have a group policy object in Active Directory being applied to this computer and you will have to edit that.