Windows 7 What’s New Guide




Date: 01.04.2021

Object access events


Object access events allow you to track attempts to access specific objects or types of objects on a network or computer. To audit a file, directory, registry key, or any other object, you must enable the Object Access category for success and failure events. For example, the File System subcategory needs to be enabled to audit file operations, and the Registry subcategory needs to be enabled to audit registry access.

Proving that this policy is in effect to an external auditor is difficult. There is no easy way to verify that the proper SACLs are set on all inherited objects.
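One way to gather evidence for the point above, as an added example that is not part of the original guide: the script reports the effective File System subcategory setting and lists the audit rules (SACL entries) on every folder under a root, including inherited ones. It assumes PowerShell 3.0 or later, an elevated prompt, English-language `auditpol` output, and a hypothetical root path `C:\AuditedData`.

```powershell
# Added example (not from the original guide).
# Run elevated: reading a SACL requires the "Manage auditing and security log" right.
param(
    [string]$Root = 'C:\AuditedData',      # hypothetical path, replace with your own
    [string]$OutFile = '.\sacl-report.csv' # hypothetical report file name
)

# Step 1: is the File System subcategory enabled at all?
# auditpol prints a line such as "  File System      Success and Failure".
$policy = 'not found'
foreach ($line in (auditpol /get /subcategory:"File System")) {
    if ($line -match '^\s*File System\s+(.+?)\s*$') { $policy = $Matches[1] }
}
Write-Output "File System subcategory: $policy"

# Step 2: collect the audit rules on the root and on every folder below it.
$folders = @(Get-Item -LiteralPath $Root) +
           @(Get-ChildItem -LiteralPath $Root -Recurse -Directory -ErrorAction SilentlyContinue)

$report = foreach ($folder in $folders) {
    $acl   = Get-Acl -LiteralPath $folder.FullName -Audit   # -Audit loads the SACL
    $rules = @($acl.Audit)
    if ($rules.Count -eq 0) {
        # No SACL entries: access to this folder produces no audit events,
        # even when the subcategory is enabled.
        [pscustomobject]@{ Path = $folder.FullName; Identity = '(none)'
                           Rights = ''; AuditFlags = ''; Inherited = '' }
    }
    foreach ($rule in $rules) {
        [pscustomobject]@{
            Path       = $folder.FullName
            Identity   = $rule.IdentityReference
            Rights     = $rule.FileSystemRights
            AuditFlags = $rule.AuditFlags      # Success, Failure, or both
            Inherited  = $rule.IsInherited
        }
    }
}

# Step 3: keep the full listing as evidence and show the gaps on screen.
$report | Export-Csv -NoTypeInformation -Path $OutFile
Write-Output 'Folders without any audit rule:'
$report | Where-Object { $_.Identity -eq '(none)' } | Select-Object -ExpandProperty Path
```

A folder listed under "Folders without any audit rule" generates no File System audit events regardless of the subcategory setting, because events are produced only for objects that have a matching SACL.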



| Setting | Description |
| --- | --- |
| File System | Audit user attempts to access file system objects. A security audit event is generated only for objects that have SACLs and only if the type of access requested, such as Write, Read, or Modify, and the account making the request match the settings in the SACL. |
| Registry | Audit attempts to access registry objects. A security audit event is generated only for objects that have SACLs and only if the type of access requested, such as Read, Write, or Modify, and the account making the request match the settings in the SACL. |
| Kernel Object | Audit attempts to access the system kernel, which includes mutexes and semaphores. Only kernel objects with a matching SACL generate security audit events. Note: The Audit: Audit the access of global system objects policy setting controls the default SACL of kernel objects. |
| SAM | Audit events generated by attempts to access Security Accounts Manager (SAM) objects. |
| Certification Services | Audit Active Directory Certificate Services (AD CS) operations. |
| Application Generated | Audit applications that generate events by using the Windows Auditing application programming interfaces (APIs). Applications designed to use the Windows Auditing API use this subcategory to log auditing events related to their function. |
| Handle Manipulation | Audit events generated when a handle to an object is opened or closed. Only objects with a matching SACL generate security audit events. |
| File Share | Audit attempts to access a shared folder. However, no security audit events are generated when a folder is created, deleted, or its share permissions are changed. |
| Detailed File Share | Audit attempts to access files and folders on a shared folder. The Detailed File Share setting logs an event every time a file or folder is accessed, whereas the File Share setting only records one event for any connection established between a client and file share. Detailed File Share audit events include detailed information about the permissions or other criteria used to grant or deny access. |
| Filtering Platform Packet Drop | Audit packets that are dropped by Windows Filtering Platform (WFP). |
| Filtering Platform Connection | Audit connections that are allowed or blocked by WFP. |
| Other Object Access Events | Audit events generated by the management of Task Scheduler jobs or COM+ objects. |



