November 20, 2006
Ideally, security-monitoring and administrative responsibilities should be assigned to different people. Here's a framework for the access levels security administrators should have and some recommended tools to help them do their job.
October 16, 2006
Do you log anonymous logon events on your servers? Find out how dangerous these events are and whether you can disable or block them from your security logs.
September 18, 2006
Find out whether it's normal to log a high number of expired tickets in a short period of time.
April 17, 2006
You can discover who made a change if the Audit account management events audit policy was enabled on your DCs at the time of the change.
March 20, 2006
Examining event ID 560 and associated event IDs 528, 540, and 592 will give you the answers you need.
March 20, 2006
The answer might lie in the Security event log of your Windows DC.
March 20, 2006
User account creations create a telltale pattern in the Security log of event ID 624, followed by several instances of event ID 642 interspersed with event IDs 626 and 628.
March 20, 2006
Get answers to your Windows security questions.
February 21, 2006
The neuroview format makes viewing your Security log output fun.
December 19, 2005
Every month, Randy Franklin Smith answers your questions about security. Click the links above to see individual Q&As from this month's column.
December 19, 2005
In Windows 2000 SP3 and later, event ID 643 once again logs domain policy changes, as it did in Windows NT.
November 21, 2005
To avoid missing security events, set the log size to at least 10 MB and have the log always overwrite older events with newer events.
November 21, 2005
Every month, Randy Franklin Smith answers your questions about security. Click the links above to see individual Q&As from this month's column. Send your questions to Randy at rsmith@ultimatewindowssecurity.com.
September 20, 2005
Get answers to your Windows security questions.
September 20, 2005
Enable the Audit process tracking audit policy and monitor for event ID 592 to discover which programs have run on a system.
March 21, 2005
In Windows 2003 and Windows XP, Microsoft eliminated event ID 675, event ID 676, and event ID 681 and merged them with their corresponding success events.
March 21, 2005
If your users’ workstations use Kerberos to authenticate to your DC, event IDs in the Security log won't tell you the cause of any logon failures.