DUMPSEC - audit policy titles


  • kstanush
    replied
    Re: DUMPSEC - audit policy titles

    I think you might have a couple switched. Here is the DumpSec mapping to the Microsoft function results:

    case AuditCategoryLogon = Logon and Logoff
    case AuditCategoryObjectAccess = File/Object Access
    case AuditCategoryPrivilegeUse = Use of User Right
    case AuditCategoryAccountManagement = User/Group Management
    case AuditCategoryPolicyChange = Security Policy Changes
    case AuditCategorySystem = Restart and Shutdown
    case AuditCategoryDetailedTracking = Process Tracking
    case AuditCategoryDirectoryServiceAccess = Directory Service Access
    case AuditCategoryAccountLogon : pszName = Privileged Account Logon



  • Guest
    replied
    Re: DUMPSEC - audit policy titles

    Thank you. Based on that MSDN article I was able to map the DumpSec report to the Local Security Policy as shown in the MMC.


    [This message has been edited by cmor1701d (edited 01-09-2007).]



  • kstanush
    replied
    Re: DUMPSEC - audit policy titles

    There are nine (9) audit settings, which you can see in Hyena when you right click on a computer and select the Policy... properties dialog. I don't know what other utility you are looking at but DumpSec reports the same policy settings as Hyena. If you are looking at another GUI, you would have to enable/disable the settings to determine for sure which setting the output is referring to, but the descriptions should make this fairly easy to map out.

    The results of the Microsoft function used are here:
    http://msdn2.microsoft.com/en-us/library/ms721903.aspx



  • Guest
    started a topic DUMPSEC - audit policy titles

    DUMPSEC - audit policy titles

    When looking at the LOCAL security settings on a server (AUDIT) I see the following policies listed:
    Account log-on events
    Account management events
    Log-on events
    Object access
    Policy change
    Privilege use
    System events

    When I run a report (command line) from DUMPSEC I get the following policies listed:
    Restart and Shutdown
    Logon and Logoff
    File/Object Access
    Use of User Right
    Process Tracking
    Security Policy Changes
    User/Group Management
    Directory Service Access
    Privileged Account Logon

    I'm trying to make a one to one comparison so I can properly report the audit settings.

    I came up with:

    File/Object Access >>>> Object access
    Security Policy Changes >>>> Policy change
    Privileged Account Logon >>>> Privilege use
    User/Group Management >>>> Account management events

    So, if the above is correct, what do:
    Account log-on events
    System events
    Log-on events
    map to from DUMPSEC?

    Thanks