'[NTSEC] Windows 2000 Auditing Problem'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ntsecurity
Subject:    [NTSEC] Windows 2000 Auditing Problem
From:       "Imani, Paykan" <paykan.imani () eds ! com>
Date:       2000-03-23 9:36:38
[Download RAW message or body]

TO UNSUBSCRIBE: email "unsubscribe ntsecurity" to majordomo@iss.net
Contact ntsecurity-owner@iss.net for help with any problems!
---------------------------------------------------------------------------

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.


Hi to all.
 
I have installed Windows 2000 servers 4 times on three machines. 

Everytime i have set alle Audits for "Success" and "Failure".
 
But i have set "Audit object access" only for "Failure".
 
For Security Reason i want to disable some Services that i don't use at the
moment. But If i switch off some services like WWW and FTP, i get each
second a Failure audit in " Event Viewer ":
 
Event Type: Failure Audit
Event Source: Security
Event Category: Object Access 
Event ID: 560
Date:  23.03.2000
Time:  10:28:18
User:  SRV2K\Testuser
Computer: SRV2K
Description:
Object Open:
  Object Server: Security
  Object Type: Desktop
  Object Name: \Winlogon
  New Handle ID: -
  Operation ID: {0,553526}
  Process ID: 960
  Primary User Name: Testuser
  Primary Domain: SRV2K
  Primary Logon ID: (0x0,0x17F6B)
  Client User Name: -
  Client Domain: -
  Client Logon ID: -
  Accesses  MAX_ALLOWED 
   Read Objects 
   Write objects 

Does somebody know a solution here?
 
Regards,
 
Paykan

 


[Attachment #3 (text/html)]

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">


<META content="MSHTML 5.00.2920.0" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Arial size=2><SPAN class=343320009-23032000>Hi to 
all.</SPAN></FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=Arial size=2><SPAN class=343320009-23032000>I have installed 
Windows 2000 servers 4 times on three machines. <BR></SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=343320009-23032000>Everytime i have set 
</SPAN></FONT><FONT face=Arial size=2><SPAN class=343320009-23032000>alle 
Audits&nbsp;for "Success" and "Failure".</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN 
class=343320009-23032000></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2><SPAN class=343320009-23032000>
<DIV><FONT face=Arial size=2><SPAN class=343320009-23032000>But i have 
set&nbsp;"Audit object access" only for "Failure".</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN 
class=343320009-23032000></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2><SPAN class=343320009-23032000>
<DIV><FONT face=Arial size=2><SPAN class=343320009-23032000>For Security Reason 
i want to disable some Services that i don't use at the moment. But 
</SPAN></FONT>If i switch off some services like WWW and FTP, i get each second 
a Failure audit in " Event Viewer 
":</SPAN></FONT></DIV></DIV></SPAN></FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=Arial size=2><SPAN class=343320009-23032000>Event 
Type:&nbsp;Failure Audit<BR>Event Source:&nbsp;Security<BR>Event 
Category:&nbsp;Object Access <BR>Event 
ID:&nbsp;560<BR>Date:&nbsp;&nbsp;23.03.2000<BR>Time:&nbsp;&nbsp;10:28:18<BR>User:&nbsp;&nbsp;SRV2K\Testuser</SPAN></FONT></DIV>
 <DIV><FONT face=Arial size=2><SPAN 
class=343320009-23032000>Computer:&nbsp;SRV2K<BR>Description:<BR>Object 
Open:<BR>&nbsp;&nbsp;Object Server:&nbsp;Security<BR>&nbsp;&nbsp;Object 
Type:&nbsp;Desktop<BR>&nbsp;&nbsp;Object Name:&nbsp;\Winlogon<BR>&nbsp;&nbsp;New 
Handle ID:&nbsp;-<BR>&nbsp;&nbsp;Operation 
ID:&nbsp;{0,553526}<BR>&nbsp;&nbsp;Process ID:&nbsp;960<BR>&nbsp;&nbsp;Primary 
User Name:&nbsp;Testuser<BR>&nbsp;&nbsp;Primary 
Domain:&nbsp;SRV2K<BR>&nbsp;&nbsp;Primary Logon 
ID:&nbsp;(0x0,0x17F6B)<BR>&nbsp;&nbsp;Client User 
Name:&nbsp;-<BR>&nbsp;&nbsp;Client Domain:&nbsp;-<BR>&nbsp;&nbsp;Client Logon 
ID:&nbsp;-<BR>&nbsp;&nbsp;Accesses&nbsp;&nbsp;MAX_ALLOWED 
<BR>&nbsp;&nbsp;&nbsp;Read Objects <BR>&nbsp;&nbsp;&nbsp;Write objects 
<BR></SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=343320009-23032000>Does somebody know a 
solution here?</SPAN></FONT></DIV>
<DIV>&nbsp;</DIV><SPAN class=343320009-23032000>
<DIV><FONT face=Arial size=2>Regards,</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=Arial size=2><SPAN 
class=343320009-23032000>Paykan</SPAN></FONT></DIV>
<P><FONT face=Arial size=2><SPAN 
class=343320009-23032000></SPAN></FONT>&nbsp;</P></SPAN></BODY></HTML>



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic