Re: [Full-Disclosure] Windows 2000 Logout events are not monitored!

Tue, 11 Nov 2003 11:40:02 -0800 

Bill,

        In windows 2k pro it is even 538. Are you talking about win 2k server
only? In either case, logout events in win2k pro are broken. If anyone
has a fix, I'd be happy to hear about it.

        -Darren

On Mon, 2003-11-10 at 16:44, Bill Royds wrote:
> The logout even is event number 540 in security log. All the Win2K I manage
> have these entries for every logout. Check your security policy to ensure
> that you are recording them.
> There are in Local Security Policy MMS under Local Policies/Audit
> Events/{Audit account logon events,Audit logon events}. YOu want both
> success and failure to caputre a successful logoff.
> 
> ----- Original Message ----- 
> From: "Darren Bennett" <[EMAIL PROTECTED]>
> To: "Full Disclosure" <[EMAIL PROTECTED]>
> Sent: Monday, November 10, 2003 12:42 PM
> Subject: [Full-Disclosure] Windows 2000 Logout events are not monitored!
> 
> 
> : It's possible this has been on the list before but I'm going to check
> : anyway. With windows 2000 (server is the platform I have tested), when
> : auditing of login/logout events is enabled, only login events are
> : recorded. This appears to be a bug with Windows. I have tried applying a
> : patch from Microsoft that is supposed to fix this and the patch didn't
> : work. Anyone else seen this behavior? Any suggestions on how I could
> : record logout events without relying on MS?
> :
> : -Thanks,
> :
> : Darren
> :
> :
> : -----------------------------------------------
> : Darren Bennett - CISSP
> : Sr. Systems Administrator/Manager
> : Science Applications International Corporation
> : Advanced Systems Development and Integration
> : -----------------------------------------------
> :
> : _______________________________________________
> : Full-Disclosure - We believe in it.
> : Charter: http://lists.netsys.com/full-disclosure-charter.html
-- 
-----------------------------------------------
Darren Bennett - CISSP
Sr. Systems Administrator/Manager
Science Applications International Corporation
Advanced Systems Development and Integration
-----------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Reply via email to