AUDITING:
creating a security template:
run:mmc,console,add remove snap-in,add:security
configuration and analysis, security configiration,
console,save as :security tools.
right click security tools, run as..expand security
templates, right click c:\winnt..-->new template
named server_name security template+descripion.
expand c:\winnt..templates, server_name security
template,local policies, user rights assignment,
shut down the system in the template security
policy settings select define these policy settings
in a template,add admins.
console, security option,at right
"do not display last username logon.."
in the template security policy settings select
define these policy settings
in a template click enable.
click massege text for users atempting to log on,
difine,enabled.
the same: message tytle for a user.
system services,telnet,difine,startup mode -disabled.
Analize and configuring computer security by using
security template:
in console right click security config..,
open database,in import template
write: server_name security template.
analize computer now. check:
local policies\user rights\shutdown the system
and athers.. ,configure computer now.
analyse computer now.--> check configuration again:
setting+phisical(alt+crtl+)
open security configuration and .. configure computer now.
configuring audit settings:
command prompt:
runas /user:nwtraders.msft\adminX "secedit /refreshpolicy
machine_policy", secedit.exe
open file :\bronte.txt properties,security,advanced,auditing
tab,add,every1,successfull,failed..
on security cleare the allow inheritable permitions...
start,settings,printers,prop,security,
advanced,auditind,add...
check:file,printer, see if it was loged at event viewer.
right click on a file,security,advanced,
auditing tab,add a user, give what u ask.
|