Subcategory Auditing


Subcategory Auditing

b

For this App, Logbinder utilizes...

1. Directory Service Replication with the enabling of Success.  On ultimatewindowssecurity.com, the recommendation is to disable success as the events are more operational in nature than security.  What does this subcategory provide in logs?

2. Other Policy Change Events with the enabling of Success.  On ultimatewindowssecurity.com, the enabling of this subcategory provides logs for Event ID 5447.  However, Event ID 5447 is not listed in the slide for Windows Security Events.  What does this subcategory provide in logs?



RandyFranklinSmith

bobbychan - 5/31/2017
For this App, Logbinder utilizes...

1. Directory Service Replication with the enabling of Success.  On ultimatewindowssecurity.com, the recommendation is to disable success as the events are more operational in nature than security.  What does this subcategory provide in logs?

2. Other Policy Change Events with the enabling of Success.  On ultimatewindowssecurity.com, the enabling of this subcategory provides logs for Event ID 5447.  However, Event ID 5447 is not listed in the slide for Windows Security Events.  What does this subcategory provide in logs?



1. We need this category in order to generate a list of domain controllers.  This category is guaranteed to generate events from each domain controller - events that are only logged by domain controllers.  That allows us to build a list of all domain controllers so that we can look at other events (which are logged both by DCs and non-DCs) and know if they are coming from a domain controller.  Supercharger's Active Directory Changes managed filter which you should use on the subscription filters down the events generated by this category to a fraction and only forwards those.

2. These events
6144   Security policy in the group policy objects has been applied successfully
https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=6144 
6145   One or more errors occured while processing security policy in the group policy objects 
https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=6145
GO


Similar Topics


Reading This Topic


Login
Existing Account
Email Address:


Password:


Select a Forum....








LOGbinder Forum


Search