Archived from groups: microsoft.public.win2000.security (
More info?)
thank you.
"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:uDX2EOgSFHA.3988@tk2msftngp13.phx.gbl...
> It all depends on your security policy and needs for your situation. At
bare
> minimum it is a good idea to enable in Domain Controller Security Policy -
> auditing of "account logon" events for success and failure, system events
> for success and failure, logon events for failure, account management for
> success and failure, and policy change for success and failure. For domain
> computers auditing of "logon" events for success and failure, system
events
> for success and failure, policy change for success and failure, and
account
> management for success and failure is a good idea. Make sure the size of
the
> security logs has been increased quite a bit from default. The link below
> should be helpful. --- Steve
>
>
http://www.microsoft.com/technet/security/prodtech/windows2000/secmod144.mspx
>
> "Kenneth Bryant" <kbryant@checksinthemail.com> wrote in message
> news:%23OHLYrdSFHA.2520@TK2MSFTNGP09.phx.gbl...
> > We are running Win2k With AD. Does anybody know what are the best
events
> > to
> > look for when tracking possible security breaches? Is there a website
> > that
> > has what event id's to look for?
> >
> > Thanks,
> >
> > Kenneth
> >
> >
>
>