On Mon, June 21, 2004 6:14 pm, Stuart Fox (DSL AK) said: > You've got some valid points but there is one thing that you've overlooked > - auditing. [...] > Having said that, I've never actually met anyone who uses the registry > auditing, but I'm sure they're out there.
I actually knew a group who once tried to use Windows auditing. After working on it for months they gave up. I never got the full details of why, but apparently it doesn't work exactly as expected. Something to do with the fact that in some cases, it logs what you *could have done* rather than what you *actually did*. In other words, if in the audit logs, when it says it granted permission to do something, that doesn't mean you actually did it. Just that you were granted permission to do it, which to many implies that you did it. However, it wouldn't hold up in court as evidence of something having been done. > It tends to be more related to issues such as dll's needing to be > registered etc. Registered where? ;-) -Eric _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
