D
djc
win2000 Server sp4. Native mode domain.
a few simple questions will go a long way in my quest to fully understand
windows security auditing.
When both account logon events and logon events (failures only for both) are
enabled in both the Domain Security Policy and the Domain Controllers
Security Policy what happens in these following scenarios? I am mostly
looking to find out what event and where it is actually logged.
1) user fails a logon to the domain from his workstation due to a wrong
password. Not a net connection attempt, a regular login (i.e. after pressing
ctrl+alt+del)
2) A logged on domain user attempts to connect to a remote share using a UNC
path name and when prompted for a user name and password he supplies the
wrong password.
3) A domain user supplies the wrong password to the prompt from an IIS
intranet website using basic authentication.
These are a few (of the many) common scenarios I want to understand the
whats and wheres of. For instance can one logon falure actually generate
more than one event to be logged? or maybe the same event logged in more
than one place?
any info would be greatly appreciated. Thanks.
a few simple questions will go a long way in my quest to fully understand
windows security auditing.
When both account logon events and logon events (failures only for both) are
enabled in both the Domain Security Policy and the Domain Controllers
Security Policy what happens in these following scenarios? I am mostly
looking to find out what event and where it is actually logged.
1) user fails a logon to the domain from his workstation due to a wrong
password. Not a net connection attempt, a regular login (i.e. after pressing
ctrl+alt+del)
2) A logged on domain user attempts to connect to a remote share using a UNC
path name and when prompted for a user name and password he supplies the
wrong password.
3) A domain user supplies the wrong password to the prompt from an IIS
intranet website using basic authentication.
These are a few (of the many) common scenarios I want to understand the
whats and wheres of. For instance can one logon falure actually generate
more than one event to be logged? or maybe the same event logged in more
than one place?
any info would be greatly appreciated. Thanks.