Re: Auditing in Windows 2008 and R2 what are folks doing?

2010-07-30 Thread Kurt Buff
4 or 5 times in this thread I believe ;-] > > -Original Message- > From: Kurt Buff [mailto:kurt.b...@gmail.com] > Sent: Friday, July 30, 2010 2:45 PM > To: NT System Admin Issues > Subject: Re: Auditing in Windows 2008 and R2 what are folks doing? > > Care to elabora

RE: Auditing in Windows 2008 and R2 what are folks doing?

2010-07-30 Thread Free, Bob
I have at least 4 or 5 times in this thread I believe ;-] -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Friday, July 30, 2010 2:45 PM To: NT System Admin Issues Subject: Re: Auditing in Windows 2008 and R2 what are folks doing? Care to elaborate on that a bit

Re: Auditing in Windows 2008 and R2 what are folks doing?

2010-07-30 Thread Kurt Buff
> -Original Message- > From: Kurt Buff [mailto:kurt.b...@gmail.com] > Sent: Friday, July 30, 2010 12:08 PM > To: NT System Admin Issues > Subject: Re: Auditing in Windows 2008 and R2 what are folks doing? > > The systems I've seen described don't depend on a si

RE: Auditing in Windows 2008 and R2 what are folks doing?

2010-07-30 Thread Free, Bob
lot of disparate systems with slightly different login interfaces use AD for authN. From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Thursday, July 29, 2010 1:50 AM To: NT System Admin Issues Subject: RE: Auditing in Windows 2008 and R2 what are folks doing? We are implementing this

RE: Auditing in Windows 2008 and R2 what are folks doing?

2010-07-30 Thread Free, Bob
cated. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Friday, July 30, 2010 12:08 PM To: NT System Admin Issues Subject: Re: Auditing in Windows 2008 and R2 what are folks doing? The systems I've seen described don't depend on a single syslog server - it

Re: Auditing in Windows 2008 and R2 what are folks doing?

2010-07-30 Thread Kurt Buff
interesting. On Fri, Jul 30, 2010 at 07:34, Free, Bob wrote: > They still don't scale > > -Original Message- > From: Kurt Buff [mailto:kurt.b...@gmail.com] > Sent: Thursday, July 29, 2010 9:26 AM > To: NT System Admin Issues > Subject: Re: Auditing in Windows 2

RE: Auditing in Windows 2008 and R2 what are folks doing?

2010-07-30 Thread Free, Bob
They still don't scale -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, July 29, 2010 9:26 AM To: NT System Admin Issues Subject: Re: Auditing in Windows 2008 and R2 what are folks doing? There are TCP syslog options. On Thu, Jul 29, 2010 at

Re: Auditing in Windows 2008 and R2 what are folks doing?

2010-07-29 Thread Kurt Buff
e traffic over TCP) if you > need this to produce reliable log files centrally. > > > > Cheers > > Ken > > > > From: Ziots, Edward [mailto:ezi...@lifespan.org] > Sent: Thursday, 29 July 2010 3:50 AM > To: NT System Admin Issues > Subject: RE: Auditing in Wi

Re: Auditing in Windows 2008 and R2 what are folks doing?

2010-07-29 Thread Andrew S. Baker
dward [mailto:ezi...@lifespan.org] > *Sent:* Thursday, 29 July 2010 3:50 AM > > *To:* NT System Admin Issues > *Subject:* RE: Auditing in Windows 2008 and R2 what are folks doing? > > > > 800+ servers to a syslog? Plus going to have to put agents on every single > server

RE: Auditing in Windows 2008 and R2 what are folks doing?

2010-07-29 Thread Ziots, Edward
: Thursday, July 29, 2010 8:34 AM To: NT System Admin Issues Subject: RE: Auditing in Windows 2008 and R2 what are folks doing? I'll chime in with my 2 cents. We are in the same situation, but we did have a small SCOM implementation. Only used for KMS reporting. I convinced management t

RE: Auditing in Windows 2008 and R2 what are folks doing?

2010-07-29 Thread Christopher Bodnar
Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003 From: "Ziots, Edward" To: "NT System Admin Issues" Date: 07/29/2010 08:17 AM Subject: RE: Auditing in Windows 2008 and R2 what are folks doing? Thanks Ken, appreciate the insight as always.

RE: Auditing in Windows 2008 and R2 what are folks doing?

2010-07-29 Thread Ziots, Edward
Admin Issues Subject: RE: Auditing in Windows 2008 and R2 what are folks doing? We are implementing this in an even bigger environment. However, syslog runs over UDP (natively) and it's not reliable. You'd need to use software that gives you more reliability (e.g. by sending the traffi

RE: Auditing in Windows 2008 and R2 what are folks doing?

2010-07-29 Thread Ken Schaefer
Ken From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Thursday, 29 July 2010 3:50 AM To: NT System Admin Issues Subject: RE: Auditing in Windows 2008 and R2 what are folks doing? 800+ servers to a syslog? Plus going to have to put agents on every single server in the domain? Really haven

RE: Auditing in Windows 2008 and R2 what are folks doing?

2010-07-28 Thread Free, Bob
elegant solutions available these days. -Original Message- From: Steven Peck [mailto:sep...@gmail.com] Sent: Wednesday, July 28, 2010 1:36 PM To: NT System Admin Issues Subject: Re: Auditing in Windows 2008 and R2 what are folks doing? We are evaluating for a solution now and one vendor

Re: Auditing in Windows 2008 and R2 what are folks doing?

2010-07-28 Thread Steven Peck
ood reason there is such a huge 3rd party ISV presence in that > space. > > > > From: Ziots, Edward [mailto:ezi...@lifespan.org] > Sent: Wednesday, July 28, 2010 12:50 PM > To: NT System Admin Issues > Subject: RE: Auditing in Windows 2008 and R2 what are folks doing? >

RE: Auditing in Windows 2008 and R2 what are folks doing?

2010-07-28 Thread Free, Bob
Sent: Wednesday, July 28, 2010 12:50 PM To: NT System Admin Issues Subject: RE: Auditing in Windows 2008 and R2 what are folks doing? 800+ servers to a syslog? Plus going to have to put agents on every single server in the domain? Really haven't used Syslog much for the windows event logg

Re: Auditing in Windows 2008 and R2 what are folks doing?

2010-07-28 Thread Kurt Buff
From: Andrew S. Baker [mailto:asbz...@gmail.com] > Sent: Wednesday, July 28, 2010 3:48 PM > To: NT System Admin Issues > Subject: Re: Auditing in Windows 2008 and R2 what are folks doing? > > > > EventCombMT still works... :) > > > > Why not export all the logs to

Re: Auditing in Windows 2008 and R2 what are folks doing?

2010-07-28 Thread Andrew S. Baker
espan.org > > Cell:401-639-3505 > > > > *From:* Andrew S. Baker [mailto:asbz...@gmail.com] > *Sent:* Wednesday, July 28, 2010 3:48 PM > > *To:* NT System Admin Issues > *Subject:* Re: Auditing in Windows 2008 and R2 what are folks doing? > > > > EventComb

RE: Auditing in Windows 2008 and R2 what are folks doing?

2010-07-28 Thread Ziots, Edward
ly 27, 2010 6:29 PM To: NT System Admin Issues Subject: RE: Auditing in Windows 2008 and R2 what are folks doing? Have you looked into using the Audit Collection Services piece of SCOM? I think ACS could be valuable for security event reporting and forensics use. -Malcolm Fr

RE: Auditing in Windows 2008 and R2 what are folks doing?

2010-07-28 Thread Ziots, Edward
1-639-3505 From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Wednesday, July 28, 2010 3:48 PM To: NT System Admin Issues Subject: Re: Auditing in Windows 2008 and R2 what are folks doing? EventCombMT still works... :) Why not export all the logs to SysLog, and spend a few tiny dolla

RE: Auditing in Windows 2008 and R2 what are folks doing?

2010-07-28 Thread Free, Bob
6:29 PM To: NT System Admin Issues Subject: RE: Auditing in Windows 2008 and R2 what are folks doing? Have you looked into using the Audit Collection Services piece of SCOM? I think ACS could be valuable for security event reporting and forensics use. -Malcolm From: James Ra

Re: Auditing in Windows 2008 and R2 what are folks doing?

2010-07-28 Thread Andrew S. Baker
n Organization >> >> Email:ezi...@lifespan.org >> >> Cell:401-639-3505 >> >> >> >> *From:* James Rankin [mailto:kz2...@googlemail.com] >> *Sent:* Wednesday, July 28, 2010 3:36 PM >> >> *To:* NT System Admin Issues >> *Subject:*

Re: Auditing in Windows 2008 and R2 what are folks doing?

2010-07-28 Thread Andrew S. Baker
; > CISSP, Network +, Security + > > Network Engineer > > Lifespan Organization > > Email:ezi...@lifespan.org > > Cell:401-639-3505 > > > > *From:* James Rankin [mailto:kz2...@googlemail.com] > *Sent:* Wednesday, July 28, 2010 3:36 PM > > *To:*

Re: Auditing in Windows 2008 and R2 what are folks doing?

2010-07-28 Thread James Rankin
Network +, Security + > > Network Engineer > > Lifespan Organization > > Email:ezi...@lifespan.org > > Cell:401-639-3505 > > > > *From:* James Rankin [mailto:kz2...@googlemail.com] > *Sent:* Wednesday, July 28, 2010 3:36 PM > > *To:* NT System Admin Issu

RE: Auditing in Windows 2008 and R2 what are folks doing?

2010-07-28 Thread Ziots, Edward
, Network +, Security + Network Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 From: James Rankin [mailto:kz2...@googlemail.com] Sent: Wednesday, July 28, 2010 3:36 PM To: NT System Admin Issues Subject: Re: Auditing in Windows 2008 and R2 what are folks doing

Re: Auditing in Windows 2008 and R2 what are folks doing?

2010-07-28 Thread James Rankin
.re...@live.com] > *Sent:* Tuesday, July 27, 2010 6:29 PM > > *To:* NT System Admin Issues > *Subject:* RE: Auditing in Windows 2008 and R2 what are folks doing? > > > > Have you looked into using the Audit Collection Services piece of SCOM? I > think ACS could be valuable f

RE: Auditing in Windows 2008 and R2 what are folks doing?

2010-07-28 Thread Ziots, Edward
Reitz [mailto:malcolm.re...@live.com] Sent: Tuesday, July 27, 2010 6:29 PM To: NT System Admin Issues Subject: RE: Auditing in Windows 2008 and R2 what are folks doing? Have you looked into using the Audit Collection Services piece of SCOM? I think ACS could be valuable for security event repo

RE: Auditing in Windows 2008 and R2 what are folks doing?

2010-07-27 Thread Malcolm Reitz
: Auditing in Windows 2008 and R2 what are folks doing? I'm mainly interested in account lockouts, logons attempted under things like built-in administrator accounts, high numbers of logon failures, and any attempts to modify security policies and/or protected groups (such as local admins, d

Re: Auditing in Windows 2008 and R2 what are folks doing?

2010-07-27 Thread James Rankin
I'm mainly interested in account lockouts, logons attempted under things like built-in administrator accounts, high numbers of logon failures, and any attempts to modify security policies and/or protected groups (such as local admins, domain admins, server ops, and the like). We've also got certain

Auditing in Windows 2008 and R2 what are folks doing?

2010-07-27 Thread Ziots, Edward
Hey gang, well I wanted to ask the group, what is everyone doing about their audit policies on Windows 2008 R2 for domain controllers or member servers? I have mapped out all the audit categories and sub-categories, and events, but I don't want the logs to turn into soup, so kinda wanted to se