resources and events that can help you keep your security knowledge
and skills up to date and keep your Windows and other systems secure.
=== SECURITY Q&A ===============================================
by Randy Franklin Smith, rsmith@ultimatewindowssecurity.com
Q: Someone recently renamed an employee's account to something
inappropriate, and we can't determine who did it. Is there a way to
find out from the Security event log?
A: The answer is yes if the "Audit account management events" audit
policy was enabled on your domain controllers (DCs) at the time of the
change. A user account has several name fields: The Common Name field
is the name displayed when user objects are listed in an organizational
unit (OU) in the Microsoft Management Console (MMC) Active Directory
Users and Computers snap-in. The Display Name field is found on the
General tab of the user object's Properties dialog box. The Logon Name
field is also known as the User Principal Name. The pre-Windows 2000
logon name is also called the SAM Account Name.
Look first for event ID 685, which Windows logs if you change the pre-
Win2K logon name. If the pre-Win2K logon name wasn't changed, look at
event ID 642 (user account changed) and examine the fields the event
lists as having been modified. When you find the changed name, check
the User field to find out who made the change.
If the only name field changed is Common Name, Windows doesn't log
event ID 642. To track changes to the Common Name field, you must
enable the "Audit directory service access" audit policy and make sure
that user objects have auditing enabled for the cn property.
(This Security Q&A originally appeared in Security Pro VIP's
Access Denied column.)
=== SECURITY RESOURCES =========================================
The following security-related resources are brought to you by Windows
IT Pro. For additional resources and information, visit
http://list.windowsitpro.com/t?ctl=5885C:4160B336D0B60CB192AAC52E899576F1
Is your company addressing the risks of email without diluting the
benefits of email? Download this guide today and find out what you can
do to realize the dramatic and quantifiable ROI that will move your
company quickly from analyzing options and seeking budget approval to
solving the problem with a solution that will pay for itself many times
over.
http://list.windowsitpro.com/t?ctl=58856:4160B336D0B60CB192AAC52E899576F1
Learn to gather evidence of compliance across multiple systems, and
link the data to regulatory and framework control objectives. On-Demand
Web Seminar
http://list.windowsitpro.com/t?ctl=58854:4160B336D0B60CB192AAC52E899576F1
Learn the best ways to manage your email security (and fight spam)
using a variety of solutions and tips.
http://list.windowsitpro.com/t?ctl=58855:4160B336D0B60CB192AAC52E899576F1
================================================================
Security UDPATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).
http://list.windowsitpro.com/t?ctl=58859:4160B336D0B60CB192AAC52E899576F1
http://list.windowsitpro.com/t?ctl=5885B:4160B336D0B60CB192AAC52E899576F1
Subscribe to Security UPDATE at
http://list.windowsitpro.com/t?ctl=58858:4160B336D0B60CB192AAC52E899576F1
Unsubscribe by clicking
http://list.windowsitpro.com/u?id=4160B336D0B60CB192AAC52E899576F1
Be sure to add Security_UPDATE@list.windowsitpro.com
to your antispam software's list of allowed senders.
To contact us:
About Security UPDATE content -- letters@windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=5885A:4160B336D0B60CB192AAC52E899576F1
About your product news -- products@windowsitpro.com
About your subscription -- windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- salesopps@windowsitpro.com
View the Windows IT Pro privacy policy at
http://list.windowsitpro.com/t?ctl=58857:4160B336D0B60CB192AAC52E899576F1
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2007, Penton Media, Inc. All rights reserved.
No comments:
Post a Comment