Archived from groups: microsoft.public.win2000.security (
More info?)
Unfortunately, I have to enable auditing of global system objects.
I've been searching for almost 3 weeks now and found nothing. My site
administrators are complaining about excessive log sizes.
Thanks for the info though. At least I'm not the only one.
"Roger Abell" wrote:
> I am not sure of the last you have displayed.
>
> The first two may be masked if you do not enable the policy
> to audit global system objects. Although this does not sound
> like a good thing to do, on the other hand it is not clear how
> much use most people would make of the provided info.
>
> I have noticed that the first two are fairly commonly seen
> on W2k server when one enables audit global system objects.
> I have also queried internally a couple times for info on the
> second (crypt32LogoffEvent) and once a year and half ago
> did an exhaustive search for info and came up empty.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "Mike St.Onge" <MikeStOnge@discussions.microsoft.com> wrote in message
> news:8FE88993-7B80-4B6D-94A3-047EC19F1CEE@microsoft.com...
> > Oops. Wrong button.
> >
> > Anyways, the event looks like this
> > Object Server: Security
> > Object Type: Mutant
> > Object Name: \BaseNamedObjects\RasPbFile
> >
> > or
> >
> > Object Server: Security
> > Object Type: Event
> > Object Name: \BaseNamedObjects\crypt32LogoffEvent
> >
> > Or lots of these when running Task Manager
> > Object Server: Security
> > Object Type: Desktop
> > Object Name: \\Winlogon
> >
> >
> > Any ideas?
>
>
>
Facebook
Twitter
Instagram