I think we have an in-house hacker in our company. I have a Windows 2000 server that I have gone to Local Security Policy > Local Policies > Audit Policy and turned on Success, Failure to "Audit directory service access, Audit object access, audit system events". I went to a particular directory that we've been having problems with missing files and right-clicked, selected Properties, Security tab, Advanced button, added "everyone" to the auditing tab. I just noticed the following in the Security Event Viewer that I haven't seen before. What is this? "A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests. Logon process name: KSecDD."
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Security using directory audit
- Thread starter lory
- Start date
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question