Appendix E: Security Event Messages


This appendix contains information that can help you interpret security event messages. When security event auditing is enabled, you can review security-related events by using Event Viewer, a Microsoft Management Console snap-in. For information about enabling security event auditing, see Logon and Authentication and Authorization and Access Control in this book.

Related Information

  • For more information about security events, see Auditing Microsoft Windows Security Events in the Microsoft Windows Security Resource Kit.

Viewing Security Event Messages

You can review security-related events by using Event Viewer, a Microsoft Management Console snap-in.

To view security event messages

  1. Open Event Viewer.

  2. In the console tree, click Security.

  3. Sort events based on any column in the details pane, such as Event ID, User, or Type.

  4. Filter events based on severity, source, or event ID.

Using the event ID number, you can locate the information you need in this appendix. The security event messages are organized by category and include the following categories of event messages:

  • System

  • Logon

  • Object access

  • Privilege use

  • Detailed tracking

  • Policy change

  • User management

  • Account logon

  • Directory service access

To simplify scanning and finding the information that you need, the event listings are sorted numerically from lowest event ID number to highest. This numerical ordering is also helpful because related security events are generally grouped together.

Note 

In several cases, numerical grouping of like events does not apply. These events are cross-referenced in both their numerical and logical locations.

The following information is provided for each event:

  • Event number and title.

  • Parameters that describe the types of detailed information that are provided each time this particular event occurs. Parameters are listed in the order in which they appear in the event.

  • Configurable information that indicates whether the event can be configured to log successes (that is, something happened), failures (something failed to happen), or both failures and successes.

  • Formal name, which is the formal name for the security event. This information is useful for programmers.

    Note 

    Many of the error event messages in this appendix apply to Active Directory-based environments and are not seen on Microsoft Windows XP Professional.




Microsoft Windows XP Professional Resource Kit 2003
Year: 2005
Pages: 338
