Tweet
When looking at the LOCAL security settings on a server (AUDIT) I see the following policies listed:
Account log-on events
Account management events
Log-on events
Object access
Policy change
Privilege use
System events
When I run a report (command line) from DUMPSEC I get the following policies listed:
Restart and Shutdown
Logon and Logoff
File/Object Access
Use of User Right
Process Tracking
Security Policy Changes
User/Group Management
Directory Service Access
Privileged Account Logon
I'm trying to make a one to one comparison so I can properly report the audit settings.
I came up with:
File/Object Access >>>> Object access
Security Policy Changes >>>> Policy change
Privileged Account Logon >>>> Privilege use
User/Group Management >>>> Account management events
So, if the above is correct, what do;
Account log-on events
System events
Log-on events
map to from DUMPSEC?
Thanks
Account log-on events
Account management events
Log-on events
Object access
Policy change
Privilege use
System events
When I run a report (command line) from DUMPSEC I get the following policies listed:
Restart and Shutdown
Logon and Logoff
File/Object Access
Use of User Right
Process Tracking
Security Policy Changes
User/Group Management
Directory Service Access
Privileged Account Logon
I'm trying to make a one to one comparison so I can properly report the audit settings.
I came up with:
File/Object Access >>>> Object access
Security Policy Changes >>>> Policy change
Privileged Account Logon >>>> Privilege use
User/Group Management >>>> Account management events
So, if the above is correct, what do;
Account log-on events
System events
Log-on events
map to from DUMPSEC?
Thanks
Comment