More security events in 2008 than 2003?

Networking/Security Forums -> Exchange 2000 // 2003 // 2007 & Active Directory

Author: jcochran PostPosted: Wed Aug 03, 2011 9:01 pm    Post subject: More security events in 2008 than 2003?
    ----
I just noticed after adding a few 2008 R2 DCs that the volume of security events has drastically increased. Does anyone have any information or resources the outline the changes in the security log for 2008?

Author: ryansuttonLocation: San Francisco, California PostPosted: Thu Aug 04, 2011 6:30 pm    Post subject:
    ----
Server 2008 added more categories and sub categories for logging, which is why you are seeing more events.

Author: jcochran PostPosted: Thu Aug 04, 2011 6:32 pm    Post subject:
    ----
Thanks. Yes I'm aware of "why" my event logs are bigger, but I was curious if anyone knew if the changes were documented. I have an application that archives security logs and I need to filter appropriately.

Author: ryansuttonLocation: San Francisco, California PostPosted: Thu Aug 04, 2011 9:08 pm    Post subject:
    ----
http://technet.microsoft.com/en-us/library/dd560628(WS.10).aspx

Author: jcochran PostPosted: Thu Aug 04, 2011 9:13 pm    Post subject:
    ----
That describes the new 53 auditing categories which are turned off by default.

Author: jcochran PostPosted: Sat Aug 13, 2011 12:54 am    Post subject:
    ----
Here is some good information that I found. While the 53 new audit categories are turned off by default, new audit sub-categories are added to existing 2003 categories. So if you have any of those audit categories enabled via Group Policy, you will notice more events.

http://www.ultimatewindowssecurity.com/wiki/WindowsSecuritySettings/OVERVIEW-Audit-Policy

http://www.ultimatewindowssecurity.com/wiki/WindowsSecuritySettings/Audit-Force-audit-policy-subcategory-settings-Windows-Vista-or-later-to-override-audit-policy-category



Networking/Security Forums -> Exchange 2000 // 2003 // 2007 & Active Directory


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group