Whetting your appetite for Windows Vista

Here’s a cut & paste from one of my Vista machines.  This is one of our new events.  I’m including the human-formatted view which you’ll see in Event Viewer, and the XML view that apps will see (you can see this in the Viewer, too, if you’re into that). Look closely- I’ll bet you’ll be…

0

What the heck are "Primary User" and "Client User"?

Windows has a feature called “impersonation”, by which a process running as one user account can assume, on a single thread, the identity of another logged-on user account, for purposes of performing some action on behalf of the second account.  This makes sure that we get access control right.   For instance, the Server service,…

1

EU Passes New Log Retention Rule for Telcos

The BBC reports that the European Parliament has approved rules, as an anti-terror measure, to require telephone companies to retain call and internet records for two years. I do not know if Windows-powered telephony switches exist, but even if they do they probably don’t log the desired information to the Windows audit log. Here’s what…

0

Setting SACLs on Services

Have you ever wanted a record of admin activity regarding service management?  For example, who stopped one of your services? Did you know that you can do this through auditing? It’s actually really easy.  The “Security Templates” MMC snap-in allows you to author security templates which will set security descriptors (permissions and auditing) on service…

0

Privilege Use- what do we audit, and when?

Odd thing today- I got two questions about the obscure “FullPrivilegeAuditing” registry setting- so I thought I’d post my answer.  Some of this is not new, I posted on the Windows Server 2003 SP1 changes to auditing a while back. Events ID 577 and 578 are governed by the Privilege Use audit category.  All privileges…

0