Windows Server Auditing Quick Reference Guide

Uploaded by

Juan Carlos Cortes

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

60 views1 page

Windows Server Auditing Quick Reference Guide

Uploaded by

Juan Carlos Cortes

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 1

Quick Reference Guide

Windows Server Auditing

How to enable logging of important Windows Server events in Windows event logs

Local Policy Audit Settings Event ID Reference

 Run gpedit.msc > Local Computer Policy > Computer Configuration > (2003/2008 - 12)
Windows Settings > Security Settings > Local Policies > Audit Policy:
Security Log
 Audit account management > Define > Success
 Audit object access > Define > Success  636/4732 – Local group member added
 637/4733 – Local group member
Registry-level Auditing Settings removed
 635/4731 – Local group created
 Run regedit.exe > HKEY_LOCAL_MACHINE > Right-click “SOFTWARE” >  638/4734 – Local group deleted
Permissions > Advanced > Auditing (Tab) > Click “Add” > Principal
 624/4720 – User account created
“Everyone” > Type “Success” > Applies to “This key and subkeys” >
Advanced Permissions > Check “Set Value”, “Create Subkey”, “Delete”,  630/4726 – User account deleted
“Write DAC”, “Write Owner” > Click “OK”  639/4735 – Local group changed
 642/4738 – User account changed
 Repeat steps above for the “HKEY_LOCAL_MACHINE\SYSTEM” and
“HKEY_USERS\.DEFAULT” nodes  627/4723 – Change password attempt
 628/4724 – User account password set
Event Log Settings  685/4781 – User name changed
 567/4657,4663 – Object access attempt
 Run eventvwr.msc > Windows Logs > Right-click “Application” log >  560/4656 – Object open
Properties:
 562/4658 – Handle closed
 Make sure the “Enable logging” check box is selected
 Set retention method to “Overwrite events as needed” or “Archive  602/4698, 4699, 4700, 4701, 4702 –
the log when full” Scheduled task created, deleted,
enabled, disabled, updated
 Repeat this operation for the “Security” and “System” event logs
Application Log
 Open Event viewer and search the corresponding log for the id’s listed Event Source: MsiInstaller
in the Event ID Reference box  11707 – Software was installed
 11724 – Software was uninstalled
For Detailed Windows Server Auditing,
System Log
Try Netwrix Auditor - netwrix.com/go/trial-ws
Event Source: Service Control Manager

 Change auditing: detection, reporting and alerting on all  7036 – Service state changed
configuration changes across your entire IT infrastructure with Who,  7040—Service start type changed
What, When, Where details and Before/After values.
 Predefined reports and dashboards with filtering, grouping,
sorting, export (PDF, XLS etc.), email subscriptions, drill-down, access
via web, granular permissions and ability to create custom reports.
 AuditArchive™: scalable two-tiered storage (file-based + SQL database)
holding consolidated audit data for 10 years or more. Try Windows Server
 Unified platform to audit the entire IT infrastructure, unlik e other Auditing For Free:
vendors with a set of hard-to-integrate standalone tools.
netwrix.com/go/trial-ws

Corporate Headquarters: Phone: 1-949-407-5125 Int'l: 1-949-407-5125

20 Pacifica, Suite 625, Irvine, CA 92618 Toll-free: 888-638-9749 EMEA: 44 (0) 203-318-0261 netwrix.com/social

IT Admin's Guide to Audit Policies
No ratings yet
IT Admin's Guide to Audit Policies
1 page
Windows Audit Policy Guide
No ratings yet
Windows Audit Policy Guide
7 pages
File Server Auditing Quick Reference Guide
No ratings yet
File Server Auditing Quick Reference Guide
1 page
Active Directory Auditing Quick Reference Guide PDF
No ratings yet
Active Directory Auditing Quick Reference Guide PDF
1 page
Active Directory Auditing Quick Reference Guide PDF
No ratings yet
Active Directory Auditing Quick Reference Guide PDF
1 page
Windows Logging Guide Win7/2008+
100% (1)
Windows Logging Guide Win7/2008+
6 pages
Windows Logging Guide
No ratings yet
Windows Logging Guide
6 pages
Windows+Logging+Cheat+Sheet Ver Jan 2016
No ratings yet
Windows+Logging+Cheat+Sheet Ver Jan 2016
6 pages
Windows Logging Guide for IT Pros
No ratings yet
Windows Logging Guide for IT Pros
6 pages
Windows Logging Cheat Sheet
No ratings yet
Windows Logging Cheat Sheet
6 pages
Audit - Policy - Best - Practices - Security Logs On Windows Servers
No ratings yet
Audit - Policy - Best - Practices - Security Logs On Windows Servers
6 pages
Netwrix Auditor Installation Configuration Guide
No ratings yet
Netwrix Auditor Installation Configuration Guide
104 pages
E Book Security Log
No ratings yet
E Book Security Log
101 pages
Sysadmin September 2024 Edition FR
No ratings yet
Sysadmin September 2024 Edition FR
16 pages
Windows Event Logging Fundamentals For Incident Response
No ratings yet
Windows Event Logging Fundamentals For Incident Response
55 pages
Windows+Logging+Cheat+Sheet Ver Feb 2019 PDF
No ratings yet
Windows+Logging+Cheat+Sheet Ver Feb 2019 PDF
7 pages
Windows Logging Guide for IT Pros
No ratings yet
Windows Logging Guide for IT Pros
7 pages
Netwrix Auditor User Guide
No ratings yet
Netwrix Auditor User Guide
60 pages
E-Book Secure The Intellectual Property of Your Industrial Organization With Netwrix Auditor
No ratings yet
E-Book Secure The Intellectual Property of Your Industrial Organization With Netwrix Auditor
19 pages
Netwrix Auditor Installation Configuration Guide
No ratings yet
Netwrix Auditor Installation Configuration Guide
182 pages
Windows Event Lab
No ratings yet
Windows Event Lab
4 pages
Netwrix Auditor Installation Configuration Guide
No ratings yet
Netwrix Auditor Installation Configuration Guide
195 pages
Security Information and Event Management (Siem) : Nebraskacert 2005
No ratings yet
Security Information and Event Management (Siem) : Nebraskacert 2005
51 pages
Netwrix Auditor User Guide
No ratings yet
Netwrix Auditor User Guide
102 pages
Netwrix Auditor Installation Configuration Guide
No ratings yet
Netwrix Auditor Installation Configuration Guide
232 pages
Netwrix Auditor Administrator Guide
No ratings yet
Netwrix Auditor Administrator Guide
227 pages
Week#5 Lab05
No ratings yet
Week#5 Lab05
8 pages
Netwrix Auditor Administrator Guide
No ratings yet
Netwrix Auditor Administrator Guide
185 pages
Netwrix Auditor Administrator Guide
No ratings yet
Netwrix Auditor Administrator Guide
236 pages
Vmware Auditing Quick Reference Guide
No ratings yet
Vmware Auditing Quick Reference Guide
1 page
Advanced Audit Policy Configuration Complete Reference
No ratings yet
Advanced Audit Policy Configuration Complete Reference
61 pages
Windows Logs Event Forignsic
No ratings yet
Windows Logs Event Forignsic
5 pages
Whitepaper Log Blind Spots
No ratings yet
Whitepaper Log Blind Spots
7 pages
Netwrix Auditor Installation Configuration Guide
No ratings yet
Netwrix Auditor Installation Configuration Guide
202 pages
VMware Auditing Quick Reference Guide
No ratings yet
VMware Auditing Quick Reference Guide
1 page
VMware Auditing Quick Reference Guide PDF
100% (1)
VMware Auditing Quick Reference Guide PDF
1 page
Micro Focus ArcSight Collecting Windows Event Logs
No ratings yet
Micro Focus ArcSight Collecting Windows Event Logs
26 pages
Windows Event Log Troubleshooting Guide
No ratings yet
Windows Event Log Troubleshooting Guide
12 pages
Most Critical Windows Security Events 1682893986
No ratings yet
Most Critical Windows Security Events 1682893986
6 pages
LogRhythmWhitePaper Server2003andServer2008BaselineAuditing 0710213
No ratings yet
LogRhythmWhitePaper Server2003andServer2008BaselineAuditing 0710213
9 pages
Netwrix Auditor For Windows File Servers: Quick-Start Guide
No ratings yet
Netwrix Auditor For Windows File Servers: Quick-Start Guide
24 pages
Netwrix Auditor For NetApp Quick Start Guide
No ratings yet
Netwrix Auditor For NetApp Quick Start Guide
31 pages
Netwrix Auditor: Integration API Guide
No ratings yet
Netwrix Auditor: Integration API Guide
72 pages
Windows NT User Administration
No ratings yet
Windows NT User Administration
15 pages
Windows Splunk Logging Cheat Sheet - Win 7 - Win2012: Definitions
No ratings yet
Windows Splunk Logging Cheat Sheet - Win 7 - Win2012: Definitions
8 pages
2023 10 BluehatUS
No ratings yet
2023 10 BluehatUS
42 pages
Change Auditor: Real-Time Change Auditing For Your Windows Environment
No ratings yet
Change Auditor: Real-Time Change Auditing For Your Windows Environment
2 pages
Netwrix Auditor: Release Notes
No ratings yet
Netwrix Auditor: Release Notes
14 pages
Netwrix Auditor For Active Directory Quick Start Guide
No ratings yet
Netwrix Auditor For Active Directory Quick Start Guide
31 pages
Ch6 - Operating System Forensics
No ratings yet
Ch6 - Operating System Forensics
49 pages
Auditing Operating System and Databases PDF
No ratings yet
Auditing Operating System and Databases PDF
45 pages
Dokumen - Tips - Isoiec 27001 Controls Solutions Isoiec 27001 Controls and Netwrix Auditor
No ratings yet
Dokumen - Tips - Isoiec 27001 Controls Solutions Isoiec 27001 Controls and Netwrix Auditor
26 pages
Netwrix Auditor Installation Configuration Guide PDF
No ratings yet
Netwrix Auditor Installation Configuration Guide PDF
258 pages
Configuring Audit Policies For File Server
No ratings yet
Configuring Audit Policies For File Server
3 pages
Active Directory 2008 Operations Full Ebrief
No ratings yet
Active Directory 2008 Operations Full Ebrief
24 pages
Netwrix Auditor Installation Configuration Guide
No ratings yet
Netwrix Auditor Installation Configuration Guide
331 pages
Common Event Ids For Forensic and SOC Analysts
No ratings yet
Common Event Ids For Forensic and SOC Analysts
12 pages
Introduction To Distributed Systems
No ratings yet
Introduction To Distributed Systems
5 pages
VR Training for Engineering Faculty
No ratings yet
VR Training for Engineering Faculty
3 pages
GView UNMS Quick Start Guide-Guangda EPON NMS
No ratings yet
GView UNMS Quick Start Guide-Guangda EPON NMS
110 pages
Nagios XI Passive Check Setup Guide
No ratings yet
Nagios XI Passive Check Setup Guide
11 pages
Review On Cyber Crime and Security
No ratings yet
Review On Cyber Crime and Security
4 pages
Creating A Vowel Chart in Excel
No ratings yet
Creating A Vowel Chart in Excel
3 pages
Business Analytics and Optimization-BAO
No ratings yet
Business Analytics and Optimization-BAO
30 pages
Datacom 2500
100% (1)
Datacom 2500
152 pages
Ajax Pagination With JQuery
No ratings yet
Ajax Pagination With JQuery
1 page
Umbilical Cord Prolapse
No ratings yet
Umbilical Cord Prolapse
31 pages
Social Intelligence Tools for SMK Students
No ratings yet
Social Intelligence Tools for SMK Students
10 pages
Glints CV Template
No ratings yet
Glints CV Template
1 page
Smartphones For Dummies: (10 Things To Do On Your New Nokia 6630 or Nokia 6680)
No ratings yet
Smartphones For Dummies: (10 Things To Do On Your New Nokia 6630 or Nokia 6680)
4 pages
Types of Charts
100% (2)
Types of Charts
25 pages
2015 IT Risk Assessment Template
No ratings yet
2015 IT Risk Assessment Template
12 pages
M-7000 Address Mapping Guide
No ratings yet
M-7000 Address Mapping Guide
54 pages
Chapter 4 Getting Started With Quickbooks
No ratings yet
Chapter 4 Getting Started With Quickbooks
13 pages
Oracle FUsion Application New Oracle Cloud Console
No ratings yet
Oracle FUsion Application New Oracle Cloud Console
5 pages
Asianic Notebooks Pricelist
No ratings yet
Asianic Notebooks Pricelist
1 page
A. Cognizant Roles & Packages: B. Cognizant Eligibility Criteria
No ratings yet
A. Cognizant Roles & Packages: B. Cognizant Eligibility Criteria
26 pages
Android Malware and Analysis
No ratings yet
Android Malware and Analysis
232 pages
Chapter 9 IP Addressing
No ratings yet
Chapter 9 IP Addressing
30 pages
Mastercam To Mazatrol Post-Processor Tutorial
No ratings yet
Mastercam To Mazatrol Post-Processor Tutorial
78 pages
Murach C# Lecture 1 Slides BTM380 Programming
No ratings yet
Murach C# Lecture 1 Slides BTM380 Programming
36 pages
Computer Architecture - Memory System
100% (1)
Computer Architecture - Memory System
22 pages
Merise - MCP, MLC, MLD - Engl
100% (1)
Merise - MCP, MLC, MLD - Engl
7 pages
Compro Internet Services Provider
No ratings yet
Compro Internet Services Provider
21 pages
openSAP cp1-3 Week 1 Unit 5 ByfAPushApp Presentation
No ratings yet
openSAP cp1-3 Week 1 Unit 5 ByfAPushApp Presentation
15 pages
Tafj Jboss
100% (1)
Tafj Jboss
20 pages
TD-W8961N V1 Datasheet PDF
No ratings yet
TD-W8961N V1 Datasheet PDF
3 pages

Windows Server Auditing Quick Reference Guide

Uploaded by

Windows Server Auditing Quick Reference Guide

Uploaded by

Quick Reference Guide

Windows Server Auditing

Local Policy Audit Settings Event ID Reference

Corporate Headquarters: Phone: 1-949-407-5125 Int'l: 1-949-407-5125

You might also like